From puffy@xil.arc.rpi.edu Mon Oct 27 23:07:30 2003
Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.7.21.83]) by krbdev.mit.edu (8.9.3p2) with ESMTP
id XAA03944; Mon, 27 Oct 2003 23:07:30 -0500 (EST)
Received: from consultoffice.acs.rpi.edu (xil.arc.rpi.edu [128.113.164.50])
by pacific-carrier-annex.mit.edu (8.12.4/8.9.2) with ESMTP id h9S47TNg005946
for <krb5-bugs@mit.edu>; Mon, 27 Oct 2003 23:07:29 -0500 (EST)
Received: from xil.arc.rpi.edu (puffy@localhost.arc.rpi.edu [IPv6:::1])
by consultoffice.acs.rpi.edu (8.12.10/8.12.9) with ESMTP id h9S47P8e021469
for <krb5-bugs@mit.edu>; Mon, 27 Oct 2003 23:07:25 -0500 (EST)
Received: (from puffy@localhost)
by xil.arc.rpi.edu (8.12.10/8.12.9/Submit) id h9S47PuA019982;
Mon, 27 Oct 2003 23:07:25 -0500 (EST)
Date: Mon, 27 Oct 2003 23:07:25 -0500 (EST)
Message-Id: <200310280407.h9S47PuA019982@xil.arc.rpi.edu>
To: krb5-bugs@mit.edu
Subject: Kerberos / OpenBSD PRNG issue
From: kempf@rpi.edu
Reply-To: kempf@rpi.edu
Cc:
X-send-pr-version: 3.99
>Submitter-Id: net
>Originator: Jesse Kempf
>Organization:
Rensselaer Polytechnic Institute
>Confidential: no
>Synopsis: Strong entropy read fails on OpenBSD
>Severity: serious
>Priority: medium
>Category: krb5-libs
>Class: sw-bug
>Release: krb5-1.3.1
>Environment:
Pentium III 500 MHz running OpenBSD 3.4-Current (Oct 20)
System: OpenBSD xil.arc.rpi.edu 3.4 GENERIC#0 i386
>Description:
lib/crypto/prng.c line 197 uses /dev/random from which to acquire strong random data. OpenBSD reserves /dev/random for a hardware random number generator. This causes a failure whenever Kerberos attempts to acquire strong data on an OpenBSD system that does not have a hardware randomness generator. /dev/srandom functions in the same fashion as /dev/random on other BSDs.
>How-To-Repeat:
Run "kdb5_util create". This fails and causes CPU usage by kdb5_util to approach 100%.
>Fix:
Add a configure-time test to detect OpenBSD. If using OpenBSD, change:
if (read_entropy_from_device (context, "/dev/random"))
to:
if (read_entropy_from_device (context, "/dev/srandom"))
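
Added example, not part of the report and not MIT krb5 code: a runtime alternative to the configure-time test proposed above, which probes candidate devices in order and returns failure when a device yields no data rather than retrying. The helper names `read_device` and `read_first` and the candidate order are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: fill buf with len bytes from one device.
 * Returns 0 on success, -1 on any failure. */
static int read_device(const char *path, unsigned char *buf, size_t len)
{
    struct stat sb;
    size_t got = 0;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    /* Accept only a character device, not a regular file left at the path. */
    if (fstat(fd, &sb) != 0 || !S_ISCHR(sb.st_mode)) {
        close(fd);
        return -1;
    }
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n > 0)
            got += (size_t)n;
        else if (n == 0 || errno != EINTR)
            break; /* EOF or hard error: stop instead of retrying forever */
    }
    close(fd);
    return got == len ? 0 : -1;
}

/* Try each device in order; return the path that filled buf, or NULL. */
static const char *read_first(const char *const *devs, unsigned char *buf, size_t len)
{
    for (; *devs != NULL; devs++)
        if (read_device(*devs, buf, len) == 0)
            return *devs;
    return NULL;
}

int main(void)
{
    /* Assumed order: OpenBSD 3.4's /dev/srandom first, then /dev/random. */
    static const char *const devs[] = { "/dev/srandom", "/dev/random", NULL };
    unsigned char seed[16];
    const char *used = read_first(devs, seed, sizeof seed);
    printf("strong entropy source: %s\n", used ? used : "none available");
    return used ? 0 : 1;
}
```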