From: Stanislav Meduna <stano@meduna.org>
To: openssl-dev@openssl.org
Cc: user-mode-linux-devel@lists.sourceforge.net
Subject: [uml-devel] Couldn't obtain random bytes in sshd - problem in RAND_poll?
Date: Wed, 06 Aug 2008 11:08:49 +0200 [thread overview]
Message-ID: <48996A21.90603@meduna.org> (raw)
Hi,
I and a few other users are seeing sshd failing with
Couldn't obtain random bytes (error 604389476)
and other ssl-related application failing randomly
in user mode linux guests and I suspect a problem
in openssl that got triggered by some change in UML.
I reviewed the RAND_poll function in rand_unix.c
(statically, no time for building a debug version now)
and have following suspicions:
===
For Linux:
int r; ... this has random bytes from stack
...
if (poll(&pset, 1, usec / 1000) < 0)
usec = 0;
else
try_read = (pset.revents & POLLIN) != 0;
... Let's say that the poll timed out (i.e. returned 0)
try_read remains 0, r still has garbage
while ((r > 0 || (errno == EINTR || errno == EAGAIN)) &&
... Let's say that the garbage was negative. We are out of
the loop and errno has bogus data (successfull/timed out
poll did not set anything)
=== For other Unices there's additional problem:
If the select select's successfully and immediately, it can
leave the time not slept unchanged in the time argument
(which is IMHO fully legal, if it finds the bytes immediately).
If the read then does not get all the needed bytes, the code
if (usec == 10*1000)
usec = 0;
kicks in and we are out of the loop again.
Suggested changes:
- add
r = -1;
inside the do loop after the int try_read = 0;
- change
if (usec == 10*1000)
into
if (r < 0 && usec == 10*1000)
Regards
--
Stano
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
User-mode-linux-devel mailing list
User-mode-linux-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel
next reply other threads:[~2008-08-06 9:09 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-08-06 9:08 Stanislav Meduna [this message]
2008-08-06 11:11 ` [uml-devel] Couldn't obtain random bytes in sshd - problem in RAND_poll? Tomas Mraz
2008-08-06 12:11 ` Stanislav Meduna
2008-08-06 12:55 ` David Schwartz
2008-08-07 8:51 ` Damien Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=48996A21.90603@meduna.org \
--to=stano@meduna.org \
--cc=openssl-dev@openssl.org \
--cc=user-mode-linux-devel@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.