[Bug 968] OpenSSH 3.8p1 PRNG seed extraction failed error

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Feb 16 13:08:28 EST 2005


http://bugzilla.mindrot.org/show_bug.cgi?id=968





------- Additional Comments From dtucker at zip.com.au  2005-02-16 13:08 -------
(In reply to comment #12)
> (From update of attachment 827 [edit])
> Instead of doing nothing, could you make it spectacularly fprintf(stderr) and
> exit(1)? If ssh-rand-helper ever somehow starts using arc4random, then it
> would do so with an unseeded RC4...

Unfortunately, it doesn't seem to be that simple.  seed_rng() *does* get called
right after all the processing but immediately before the output is written
(although I don't understand why).

If you believe gdb it's called by OpenSSL's CRYPTO_free() but that seems pretty
wacky.  I put a debug in seed_rng and set a breakpoint on it:

#0  seed_rng () at ../../ssh-rand-helper.c:901
#1  0x0000f78c in CRYPTO_free ()
#2  0x000079d8 in _gettemp (
    path=0x7f7e0ec8 "/home/dtucker/.ssh/prng_seed.XXXXX13501",
    doopen=0x7f7e1348, domkdir=0, slen=0)
    at ../../../openbsd-compat/mktemp.c:105
#3  0x00007b70 in mkstemp (
    path=0x2a10980 <Error reading address 0x2a10980: Bad address>)
    at ../../../openbsd-compat/mktemp.c:61
#4  0x00005d40 in prng_write_seedfile () at ../../ssh-rand-helper.c:585
#5  0x000067d8 in main (argc=2, argv=0x7f7e0500) at ../../ssh-rand-helper.c:866

Hey, gettemp() *does* call arc4random(), which calls seed_rng() so it looks like
I was wrong in blaming the linker.  Checking RAND_status() seems to be the right
thing to do.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list