Displaying 20 results from an estimated 200 matches similar to: "openssh portable and libressl portable cause recursion between arc4random and RAND_bytes"
2003 Mar 17
1
RAND_bytes return value
Hello,
I have been doing some looking at openssl 0.9.7 and
openssh3.5p1 and found a minor discrepancy. RAND_bytes() is
called around line 69 of openbsd-compat/bsd-arc4random.c.
It checks to see if the return is not zero. The RAND_bytes
function can also return -1, too. All the code in openssl
uses <=0 for the test rather than !.
Best Regards,
Steve Grubb
2004 Mar 30
1
Fatal: RAND_bytes() failed
This morning dovecot died with the following messages in the errorlog.
Any solution to this problem?
I am using Fedora Core 1 on a SMP i686 box.
imap-login: Mar 30 08:08:00 Fatal: RAND_bytes() failed:
error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded
dovecot: Mar 30 08:08:00 Error: Login process died too
2003 Jun 23
1
OpenSSL on AIX
Hi,
with current test releases SSL doesn't work anymore for me on AIX 4.3
with dovecot-0.99.10-test14. It worked with 0.99.9.1.
dovecot: Jun 23 19:42:23 Info: Dovecot starting up
imap-login: Jun 23 19:42:25 Fatal: RAND_bytes() failed: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded
imap-login: Jun 23 19:42:25 Fatal: RAND_bytes() failed: error:24064064:random number
2004 May 24
3
Dovecot + SSL + Fedora
I've been seeing the Dovecot/SSL/Fedora 1 problem.
I have a dovecot server which tends to die at least once a day,
with messages like these :-
May 24 13:44:44 mail pop3-login: RAND_bytes() failed: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded
May 24 13:44:44 mail dovecot: Login process died too early - shutting down
I noticed Timo's email about this at:
2006 Mar 17
1
[PATCH] OpenSSL RNG initialization
Hi,
dovecot tries to use OpenSSL's PRNG to generate random numbers if
there is no /dev/urandom found. Unfortunately, it is flawed in its present
form, since the PRNG is not seeded before RAND_bytes() is called in
src/lib/randgen.c (on systems which have /dev/urandom, OpenSSL
automatically seeds its PRNG from the urandom device).
Here's a patch to address this issue: it tries to seed
2002 Jan 22
4
ssh-rand-helper
Now that ssh-rand-helper has been segregated into a separate program,
I'd like to revisit an old question about its entropy gathering.
- would it be desirable to make it possible for ssh-rand-helper to fall
back to external commands if PRNGD cannot be reached, instead of
choosing one or the other at compile time?
- When using PRNGD, the program gets 48 bytes of entropy from PRNGD,
2004 Jan 24
1
dovecot crash
I woke up this morning and my dovecot server had died with the following in
the dovecot.log file:
pop3-login: Jan 23 10:23:08 Fatal: RAND_bytes() failed:
error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded
dovecot: Jan 23 10:23:08 Error: Login process died too early - shutting down
dovecot: Jan 23 10:23:08 Error: child 16321 (login) returned error 89
How can I find out
2004 Apr 09
1
dovecot dies - maybe a clue?
Dovecot died twice today. This was in the maillog:
Apr 9 17:50:27 ciscy pop3-login: RAND_bytes() failed: error:24064064:random
number generator:SSLEAY_RAND_BYTES:PRNG not seeded
Apr 9 17:50:27 ciscy dovecot: Login process died too early - shutting down
I think I can cause it to happen reliably and I'm asking for others to test
this scenario:
Open several terminal windows. In each, type
2004 Mar 19
1
Re: Dovecot died due to some SSL related error
(Sorry, just joined the list, can't reply in the original message
from Feb 4.)
> Hi,
> Dovecot (pre-compiled version of Fedora Core 1, configured for Maildir)
> is running fine for me since a few days. It happened now twice to me
> that dovecot died with the following error message in /var/log/maillog:
>
> Feb 4 11:18:27 hundehuette imap-login: RAND_bytes() failed:
>
2000 Jul 17
0
patch for getting 2.1.1p4 to compile on SunOS 4
Hi.
SunOS 4 is one system that relies on the strerror() in bsd-misc.[ch].
However, that replacement function does not have the right prototype.
This is fixed in the patch below. There was also an error with
sys_errlist not being explicitly declared. Also fixed.
There was another weird link-time problem with bsd-misc.o being at the
same time used by some *.o in libssh.a and using itself
2004 Feb 04
0
Dovecot died due to some SSL related error
Hi,
Dovecot (pre-compiled version of Fedora Core 1, configured for Maildir)
is running fine for me since a few days. It happened now twice to me
that dovecot died with the following error message in /var/log/maillog:
Feb 4 11:18:27 hundehuette imap-login: RAND_bytes() failed:
error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not
seeded
Feb 4 11:18:27 hundehuette dovecot: Login
2004 May 27
0
0.99.10.5-rc2
http://dovecot.org/rc/
Just a few more changes:
- --with-moduledir option to configure
- compile fix to Solaris 10
- mbox syncing complains if mbox is modified while we have it locked
and something goes wrong (lock settings are wrong)
- maildir: RENAME xx inbox.xx makes sure INBOX is uppercased.
- "RAND_bytes() failed:" SSL "fix" for fedora/redhat
2001 Jan 16
1
ssh drops privs when it can't find ~/.ssh/prng_seed
I'm using OpenSSH 2.3.0p1. When my users use ssh for the first
time, using rhosts authentication, entropy.c drops the privs in
prng_write_seedfile() at the setuid(original_uid) line (line 550,
approx):
void
prng_write_seedfile(void) {
int fd;
char seed[1024];
char filename[1024];
struct passwd *pw;
/* Don't bother if we have already saved a seed */
if (prng_seed_saved)
return;
2008 May 16
0
cfservd crashing on 7.0
Hi,
I just moved my cfservd (a part of sysutils/cfengine) from a 6.2
server to a 7.0 server. Ever since, cfservd crashes regularly. The
backtrace is below, although obviously it is missing a lot. If anyone
has clues or suggestions, I'd really appreciate it.
# gdb /usr/local/sbin/cfservd cfservd.core
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free
2004 May 27
5
0.99.10.5 released
One more bugfix since rc2:
- Maildir: synchronization might have sometimes set wrong flags to
messages, or crash completely
Quite rare because we were lucky before :)
And list of all the changes one more time:
v0.99.10.5 2003-12-27 Timo Sirainen <tss at iki.fi>
+ MySQL authentication, patch by Matthew Reimer
+ --with-moduledir configure option
- mbox: APPEND reversed given
2002 May 08
1
Maybe problem in openbsd-compat/bsd-arc4random.c
I believe there is a problem with the openbsd-compat/bsd-arc4random.c
file. If arc4random () is called without seed_rng having previously
been called (eg if you run ssh-keygen -p ) then it does not in
fact invoke seed_rng () if it is the first time. Instead it
will invoke seed_rng every time BUT the first time. At least
that is the way I read the code, and changing it as below allowed
me to
2013 Nov 06
4
[Bug 2168] New: Fails to build after arc4random API change in OpenBSD
https://bugzilla.mindrot.org/show_bug.cgi?id=2168
Bug ID: 2168
Summary: Fails to build after arc4random API change in OpenBSD
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: OpenBSD
Status: NEW
Severity: minor
Priority: P5
Component: Build system
Assignee:
2023 Oct 19
12
[Bug 3629] New: Building with Clang-17 fails due to -fzero-call-used-regs
https://bugzilla.mindrot.org/show_bug.cgi?id=3629
Bug ID: 3629
Summary: Building with Clang-17 fails due to
-fzero-call-used-regs
Product: Portable OpenSSH
Version: 9.5p1
Hardware: amd64
OS: Mac OS X
Status: NEW
Severity: critical
Priority: P5
Component: Build system
2014 Oct 02
1
Anyone have LibreSSL working on CentOS 6.5?
Hi folks,
I searched the list for LibreSSL and found only one mention of it!
Has anyone gotten this working? I have it compiling no problem, but
removing OpenSSL is another story of course. It seems to be compiled
with FIPS support and of course there is no such thing in LibreSSL -
that is something they tore out
thanks,
-Alan
--
"Don't eat anything you've ever seen advertised
2015 Aug 07
1
LibreSSL
With 2.2.2 release
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.2-relnotes.txt is there
a plan to provide a drop-in replacement of OpenSSL?
--
Ciao,
luigi
/
+--[Luigi Rosa]--
\
Furious activity is no substitute for understanding.
--H. H. Williams