David Schwartz wrote:
Try launching your test program automatically on boot up at the same time you launch ssh or whatever application is failing. I bet '/dev/urandom' will fail then.
The program had no problems running with simultaneous od -x /dev/random, that was blocking because it sucked all the entropy available, running in another shell... cat /proc/sys/kernel/random/entropy_avail gives 17 etc...

Well, I started another sshd under strace, I am sucking the entropy with od -x /dev/random and am waiting for the crash. I got two:

1) one sshd child instance where the sshd daemon says "PRNG not seeded" (which translates to RAND_status not 1), but the strace looks all normal :(

    [pid 4711] open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 3
    [pid 4711] fstat64(3, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
    [pid 4711] poll([{fd=3, events=POLLIN, revents=POLLIN}], 1, 10) = 1
    [pid 4711] read(3, "cc\262\322C\\\226T\235/\37\352\356\234\260P(\177\35\214"..., 32) = 32
    [pid 4711] close(3) = 0
    [pid 4711] getuid32() = 0
    [pid 4711] time(NULL) = 1218033332

(all of these are clearly the RAND_poll) and then it goes to call time, open /etc/localtime etc. preparing to log the error.

How can _this_ happen? The RAND_poll in ssleay_rand_status _was_ called and provided ENTROPY_NEEDED (32) bytes. The loop exited with n >= ENTROPY_NEEDED, so the

    RAND_add(tmpbuf,sizeof tmpbuf,(double)n);

was called...

2) Could not obtain random bytes

This is the parent sshd and it does not do _anything_ with the /dev/urandom at the time of the crash. A sshd child process exits, parent sshd does a few closes and proceeds to "Cannot obtain random bytes". That means that RAND_bytes returned <= 0. In ssleay_rand_bytes there is

    ok = (entropy >= ENTROPY_NEEDED);

and then I don't see anything that could set the ok back to true. Is another

    ok = (entropy >= ENTROPY_NEEDED);

missing somewhere after all the stirring etc?

Well, enough for today - I am no expert in ssl, I am just trying to find what is happening here...
Regards
--
Stano
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                               [EMAIL PROTECTED]
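
Added example, not part of the original message and not OpenSSL or OpenSSH code: a small strace post-processor that checks mechanically what the message checks by eye, namely whether every read of /dev/urandom or /dev/random returned as many bytes as were requested. The pid 4711 lines are taken from the trace above; the pid 4712 lines are constructed to show what a short or failed read would look like, and the function names are hypothetical.

```python
import re

# pid 4711: lines quoted in the message. pid 4712: constructed failure cases.
SAMPLE = r'''
[pid 4711] open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 3
[pid 4711] fstat64(3, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
[pid 4711] poll([{fd=3, events=POLLIN, revents=POLLIN}], 1, 10) = 1
[pid 4711] read(3, "cc\262\322C\\\226T\235/\37\352\356\234\260P(\177\35\214"..., 32) = 32
[pid 4711] close(3) = 0
[pid 4712] open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 3
[pid 4712] read(3, "\1\2\3\4\5\6\7\10", 32) = 8
[pid 4712] close(3) = 0
[pid 4712] open("/dev/random", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 3
[pid 4712] read(3, 0xbfd0e2a0, 32) = -1 EAGAIN (Resource temporarily unavailable)
'''

# [pid N] syscall(args) = ret [ERRNO]; greedy args survive ")" inside buffers.
LINE = re.compile(r'^(?:\[pid\s+(\d+)\]\s+)?(\w+)\((.*)\)\s+=\s+(-?\d+)(?:\s+(E[A-Z]+))?')
DEVICES = ("/dev/urandom", "/dev/random")

def entropy_reads(trace):
    """Return (pid, device, requested, returned, errno) per read of a random device."""
    fds, reads = {}, []          # fds maps (pid, fd) -> device path while open
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue             # unfinished/resumed or non-syscall lines
        pid, call, args = m.group(1) or "-", m.group(2), m.group(3)
        ret, err = int(m.group(4)), m.group(5)
        if call in ("open", "openat") and ret >= 0:
            path = re.search(r'"([^"]*)"', args)
            if path and path.group(1) in DEVICES:
                fds[(pid, ret)] = path.group(1)
        elif call == "close" and args.isdigit():
            fds.pop((pid, int(args)), None)   # the fd number may be reused later
        elif call == "read":
            fd, _, rest = args.partition(",")
            size = rest.rsplit(",", 1)[-1].strip()
            if fd.isdigit() and size.isdigit() and (pid, int(fd)) in fds:
                reads.append((pid, fds[(pid, int(fd))], int(size), ret, err))
    return reads

def short_reads(trace):
    """Reads that returned fewer bytes than requested, including errors (-1)."""
    return [r for r in entropy_reads(trace) if r[3] < r[2]]

if __name__ == "__main__":
    for r in short_reads(SAMPLE):
        print("short read:", r)
```

For pid 4711 the tool reports nothing, which matches the observation in the message that the RAND_poll read delivered all 32 bytes and the failure has to be explained elsewhere.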