Article delegate-en/945 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A944@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: ssl bug
25 Dec 2000 05:04:55 GMT ysato@etl.go.jp (Yutaka Sato)


Hi,

On 12/24/00(00:20) you Hue Le <pwabqbdyi-auoevhegzonr.ml@ml.delegate.org> wrote
in <_A944@delegate-en.ML_>
 |12/23 07:19:16.75 [16978] 2+1: -- Fork(FSV): 16977 -> 16978
 |12/23 07:19:16.75 [16978] 2+1: #### execFilter[FSV]
 |[/home/huele/FAILOVER/delegate6.1.21/lib/sslway]sslway
...
 |## SSLway[16978](huele-dsl4) connect failed
 |16978:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not
 |seeded:md_rand.c:474:You need to read the OpenSSL FAQ,
 |http://www.openssl.org/support/faq.html
...
 |And check http://www.openssl.org/support/faq.html . Any idea?
 |1. Why do I get a "PRNG not seeded" error message?
 |
 |              Cryptographic software needs a source of unpredictable
 |data to work correctly. Many open source operating systems provide a
 |"randomness
 |              device" that serves this purpose. On other systems,
 |applications have to call the RAND_add() or RAND_seed() function with
 |appropriate data
 |              before generating keys or performing public key
 |encryption.
...
 |              On systems without /dev/urandom, it is a good idea to use
 |the Entropy Gathering Demon; see the RAND_egd() manpage for details.
...
 |              Some broken applications do not do this. As of version
 |0.9.5, the OpenSSL functions that need randomness report an error if the


Thank you for your informative notice.  I've not noticed the problem
since I am used to use openSSL 0.9.4.
I reproduced the problem on Solaris2.6 without /dev/urandom, and fixed
it with the enclosed patch. 

Cheers,
Yutaka
--
Yutaka Sato <ysato@etl.go.jp> http://www.etl.go.jp/~ysato/   @ @ 
Computer Science Division, Electrotechnical Laboratory      ( - )
1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan            _<   >_


*** ../../delegate6.1.22/filters/sslway.c	Tue Nov 28 20:30:53 2000
--- sslway.c	Mon Dec 25 14:00:55 2000
***************
*** 468,473 ****
--- 468,485 ----
  		*isHTTP = 1;
  	return 0;
  }
+ static rand_seed()
+ {	int seed[8],si;
+ 
+ 	seed[0] = Gettimeofday(&seed[1]);
+ 	seed[2] = getpid();
+ 	seed[3] = getuid();
+ 	seed[4] = (int)seed;
+ 	seed[5] = (int)&rand_seed;
+ 	RAND_seed(seed,sizeof(seed));
+ 	for( si = 0; si < 8; si++ )
+ 		seed[si] = 0;
+ }
  static _passwd(what,pass,buf,siz,vrfy)
  	char *what,*pass;
  	char *buf;
***************
*** 495,501 ****
  
  static put_help()
  {
! 	syslog_ERROR("SSLway 2000-11-28 <ysato@delegate.org>\r\n");
  }
  main(ac,av)
  	char *av[];
--- 507,513 ----
  
  static put_help()
  {
! 	syslog_ERROR("SSLway 2000-12-26 <ysato@delegate.org>\r\n");
  }
  main(ac,av)
  	char *av[];
***************
*** 653,659 ****
--- 665,674 ----
  	conSSL = NULL;
  
  	if( do_conSSL || do_accSSL )
+ 	{
+ 		rand_seed();
  		TRACE("start");
+ 	}
  
  	fdv[0] = accfd;
  	fdv[1] = confd;

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V