From puffy@xil.arc.rpi.edu Mon Oct 27 23:07:30 2003
Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.7.21.83])
	by krbdev.mit.edu (8.9.3p2) with ESMTP id XAA03944;
	Mon, 27 Oct 2003 23:07:30 -0500 (EST)
Received: from consultoffice.acs.rpi.edu (xil.arc.rpi.edu [128.113.164.50])
	by pacific-carrier-annex.mit.edu (8.12.4/8.9.2) with ESMTP id h9S47TNg005946
	for ; Mon, 27 Oct 2003 23:07:29 -0500 (EST)
Received: from xil.arc.rpi.edu (puffy@localhost.arc.rpi.edu [IPv6:::1])
	by consultoffice.acs.rpi.edu (8.12.10/8.12.9) with ESMTP id h9S47P8e021469
	for ; Mon, 27 Oct 2003 23:07:25 -0500 (EST)
Received: (from puffy@localhost)
	by xil.arc.rpi.edu (8.12.10/8.12.9/Submit) id h9S47PuA019982;
	Mon, 27 Oct 2003 23:07:25 -0500 (EST)
Date: Mon, 27 Oct 2003 23:07:25 -0500 (EST)
Message-Id: <200310280407.h9S47PuA019982@xil.arc.rpi.edu>
To: krb5-bugs@mit.edu
Subject: Kerberos / OpenBSD PRNG issue
From: kempf@rpi.edu
Reply-To: kempf@rpi.edu
Cc:
X-send-pr-version: 3.99

>Submitter-Id: net
>Originator: Jesse Kempf
>Organization: Rensselaer Polytechnic Institute
>Confidential: no
>Synopsis: Strong entropy read fails on OpenBSD
>Severity: serious
>Priority: medium
>Category: krb5-libs
>Class: sw-bug
>Release: krb5-1.3.1
>Environment:
	Pentium III 500 MHz running OpenBSD 3.4-Current (Oct 20)
	System: OpenBSD xil.arc.rpi.edu 3.4 GENERIC#0 i386
>Description:
	lib/crypto/prng.c line 197 uses /dev/random from which to acquire
	strong random data. OpenBSD reserves /dev/random for a hardware
	random number generator. This causes a failure whenever Kerberos
	attempts to acquire strong data on an OpenBSD system that does not
	have a hardware randomness generator. /dev/srandom functions in the
	same fashion as /dev/random on other BSDs.
>How-To-Repeat:
	Run "kdb5_util create". This fails and causes CPU usage by
	kdb5_util to approach 100%.
>Fix:
	Add a configure-time test to detect OpenBSD.
	If using OpenBSD, change:

		if (read_entropy_from_device (context, "/dev/random"))

	to:

		if (read_entropy_from_device (context, "/dev/srandom"))
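
Added example, not part of the original report and not krb5 code: one way to select the strong entropy device per platform and to fail cleanly when the device cannot supply data. The names read_strong_entropy and STRONG_ENTROPY_DEVICE are hypothetical, and the compile-time __OpenBSD__ check is an assumption standing in for the configure-time test the report proposes.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Per the report: OpenBSD reserves /dev/random for a hardware RNG and
 * /dev/srandom behaves like /dev/random does on other BSDs. */
#ifdef __OpenBSD__
#define STRONG_ENTROPY_DEVICE "/dev/srandom"
#else
#define STRONG_ENTROPY_DEVICE "/dev/random"
#endif

/* Hypothetical helper (not krb5's read_entropy_from_device): fill buf with
 * exactly len bytes from a character device. Returns 0 on success and -1 on
 * any failure. Only EINTR is retried; EOF and hard errors end the loop, so
 * a device that cannot deliver data yields an error instead of a spin. */
static int read_strong_entropy(const char *path, unsigned char *buf, size_t len)
{
    struct stat st;
    size_t got = 0;
    int fd = open(path, O_RDONLY);

    if (fd < 0)
        return -1;                      /* missing or unreadable device */
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) {
        close(fd);                      /* refuse plain files and directories */
        return -1;
    }
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n > 0)
            got += (size_t)n;           /* short read: keep filling */
        else if (n < 0 && errno == EINTR)
            continue;                   /* interrupted by a signal: retry */
        else
            break;                      /* EOF (n == 0) or hard error */
    }
    close(fd);
    return got == len ? 0 : -1;
}

int main(void)
{
    unsigned char seed[16];
    int rc = read_strong_entropy(STRONG_ENTROPY_DEVICE, seed, sizeof seed);
    printf("%s: %s\n", STRONG_ENTROPY_DEVICE, rc == 0 ? "ok" : "failed");
    return rc == 0 ? 0 : 1;
}
```

The caller decides what to do on -1, for example aborting key generation with a clear error rather than continuing with a weakly seeded PRNG.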