Bug 435 - internal entropy gatherer
Summary: internal entropy gatherer
Status: CLOSED INVALID
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh (show other bugs)
Version: -current
Hardware: All All
: P2 major
Assignee: OpenSSH Bugzilla mailing list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2002-11-14 22:39 AEDT by Udo Günthner
Modified: 2004-04-14 12:24 AEST (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Udo Günthner 2002-11-14 22:39:55 AEDT 
Gathering entropy from programs does not work. Using multiple -v in ssh shows
'timed out' and returned 0.00 bytes for all commands in ssh_prng_cmds. Looking
at the source code of 
ssh-rand-helper.c I found in line 309 and 310:

		dup2(p[1], STDOUT_FILENO);
		dup2(p[1], STDERR_FILENO);

I guess the first should be p[0] (because in line 362 we have

		bytes_read = read(p[0], buf, sizeof(buf));

p[0] is not set and in 365ff 

		if (bytes_read == -1) {
			error_abort = 1;

later (starting 399) error_abort causes the 'timed out' message.
Comment 1 Darren Tucker 2002-11-15 00:21:18 AEDT 
Which platform did you observe this on? Assuming it's AIX, it works ok for me on 
4.3.3. What's in ssh_prng_cmds? Non-existant commands will produces zero 
entropy.

$ /usr/local/libexec/ssh-rand-helper -vvv
debug1: loading PRNG seed from file /home/dtucker/.ssh/prng_seed
debug1: Seeded RNG with 3 bytes from system calls
debug1: Loaded 25 entropy commands from /usr/local/etc/ssh_prng_cmds
debug3: Reading output from 'ls -alni /var/log'
debug3: Time elapsed: 38 msec
debug3: Got 4.12 bytes of entropy from 'ls -alni /var/log'
[snip]
Comment 2 Udo Günthner 2002-11-15 02:49:10 AEDT 
I experienced it under IBM z/OS 1.3 Unix System Services (ufff :-( )
but looking at the source code I wonder how it ever works on any platform ...

debug output:
debug3: Reading output from 'ls -alni /tmp'
debug3: Time elapsed: 40 msec
debug2: Command 'ls -alni /tmp' timed out
debug3: Got 0.00 bytes of entropy from 'ls -alni /tmp'
debug3: Reading output from 'ls -alni /usr/lpp'
debug3: Time elapsed: 33 msec
debug2: Command 'ls -alni /usr/lpp' timed out
debug3: Got 0.00 bytes of entropy from 'ls -alni /usr/lpp'
debug3: Reading output from 'ls -alni /etc'
debug3: Time elapsed: 35 msec
debug2: Command 'ls -alni /etc' timed out
debug3: Got 0.00 bytes of entropy from 'ls -alni /etc'
debug3: Reading output from 'ls -alni /bin'
debug3: Time elapsed: 39 msec
debug2: Command 'ls -alni /bin' timed out
debug3: Got 0.00 bytes of entropy from 'ls -alni /bin'
.....
Comment 3 Ben Lindstrom 2002-11-15 04:58:05 AEDT 
does this change actually fix it?  the code pretty much clsoes all 
STDIN/STDOUT/STDERR of the parent so that the child can overwrite it.

Some platforms may handle it without the close(p[..]) part correctly.

If it does solve it and does not cause problems then I have no problems 
submitting such a patch.
Comment 4 Udo Günthner 2002-11-16 03:21:07 AEDT 
seems that the select() does not work properly on my system.
Sometimes it times out even when the elapsed time of the command is less than
the specified timeout. maybe a timer resolution issue on my platform ....
when I specify for instance a timeout of 300 ms, somm commands that used 250 ms
are ok, but others with 30 ms are not ...
When I set the timeout to 500 ms or more, I have a good chance to get entropy 
(although I cannot be sure :-( ). Guess I have to find a fix for the select()
problem.
Comment 5 Damien Miller 2004-04-14 12:24:18 AEST 
Mass change of RESOLVED bugs to CLOSED