Debian Bug report logs - #343085
outgoing connection hangs after STARTTLS (entropy issue)

version graph

Package: exim4; Maintainer for exim4 is Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>; Source for exim4 is src:exim4.

Reported by: Dr. Jürgen Pfennig <info@j-pfennig.de>

Date: Mon, 12 Dec 2005 15:03:05 UTC

Severity: important

Tags: moreinfo

Merged with 338319

Found in versions exim4/4.50-8, exim4/4.54-2

Fixed in version 4.63-4

Done: Marc Haber <mh+debian-packages@zugschlus.de>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Dr. Jürgen Pfennig <info@j-pfennig.de>:
New Bug report received and forwarded. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Dr. Jürgen Pfennig <info@j-pfennig.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: exim4: Exim SMTP_AUTH hangs since today for important german provider (1und1)
Date: Mon, 12 Dec 2005 15:37:17 +0100
Package: exim4
Version: 4.54-2
Severity: normal

Since today "exim4 -qf -v" showed that the connection hangs after
TLSSTART. The thing has worked well for several months before. An update
from 4.50 (sarge) to 4.54 (test) to not solve the problem. After
disabling TLS I can send mail again.

(1) Assuming that it's a provide side bug - Please improve documentation on
    how to disable TLS and using PLAIN TEXT
(2) If it's not a provider side bug - could it be fixed?

Additional info: my exim log contained occasional entries like:

2005-12-06 21:29:09 1EjicG-0006au-Px TLS error on connection to
  authmailonline.kundenserver.de [212.227.15.164] (gnutls_handshake):
  A record packet with illegal version was received.

Thanks, Juergen

-- Package-specific info:
Exim version 4.54 #1 built 02-Nov-2005 19:42:32
Copyright (c) University of Cambridge 2005
Berkeley DB: Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)
Support for: crypteq iconv() IPv6 GnuTLS
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Configuration file is /var/lib/exim4/config.autogenerated
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'

dc_eximconfig_configtype='smarthost'
dc_other_hostnames='centauri:centauri.home:*.centauri.home:alpha:alpha?'
#dc_other_hostnames='alpha:alpha0:alpha.centauri.home:alpha0.centauri.home'
dc_local_interfaces=''
dc_readhost='j-pfennig.de'
dc_relay_domains=''
dc_minimaldns='false'
#dc_minimaldns='true'
dc_relay_nets='*.centauri.home'
dc_smarthost='auth.mail.onlinehome.de'
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname='true'
dc_localdelivery=cyrus_delivery
dc_mailname_in_oh='true'

### *** THIS FILE REQUIRES: an insertion in exim4.conf.template:
#
#cyrus_delivery:
#   driver = lmtp
#   socket = /var/run/cyrus/socket/lmtp
#   batch_max = 20
#   user = mail
mailname:alpha0.centauri.home

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.14-4-amd
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages exim4 depends on:
ii  exim4-base                    4.54-2     support files for all exim MTA (v4
ii  exim4-daemon-light            4.54-2     lightweight exim MTA (v4) daemon

-- no debconf information



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #10 received at 343085@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: Dr. Jürgen Pfennig <info@j-pfennig.de>, 343085@bugs.debian.org
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today for important german provider (1und1)
Date: Mon, 12 Dec 2005 16:17:13 +0100
On Mon, Dec 12, 2005 at 03:37:17PM +0100, Dr. Jürgen Pfennig wrote:
> Since today "exim4 -qf -v" showed that the connection hangs after
> TLSSTART. The thing has worked well for several months before. An update
> from 4.50 (sarge) to 4.54 (test) to not solve the problem. After
> disabling TLS I can send mail again.

Do you have enough entropy available?
cat /proc/sys/kernel/random/entropy_avail to see the amount of
available entropy.

> (1) Assuming that it's a provide side bug - Please improve documentation on
>     how to disable TLS and using PLAIN TEXT

Send patch.

Please don't make it too easy because a security feature once disabled
for debugging will not get enabled again on most incompetently
administrated installations.

> (2) If it's not a provider side bug - could it be fixed?

authmailonline.kundenserver.de seems to to TLS just fine with my exim.

> Additional info: my exim log contained occasional entries like:
> 
> 2005-12-06 21:29:09 1EjicG-0006au-Px TLS error on connection to
>   authmailonline.kundenserver.de [212.227.15.164] (gnutls_handshake):
>   A record packet with illegal version was received.

That seems normal and is probably a GnuTLS issue.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Juergen Pfennig <info@j-pfennig.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #15 received at 343085@bugs.debian.org (full text, mbox):

From: Juergen Pfennig <info@j-pfennig.de>
To: 343085@bugs.debian.org
Subject: exim4: Exim SMTP_AUTH hangs since today...
Date: Tue, 13 Dec 2005 14:35:53 +0100
On my server the entropy ist only "168" could this be the cause of a GNUTLS problem?
See also ...

http://lists.xensource.com/archives/html/xen-users/2005-12/msg00019.html

But my server is not virtual (at least I hope so).

Jürgen



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #20 received at 343085@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: Juergen Pfennig <info@j-pfennig.de>, 343085@bugs.debian.org, 343085-submitter@bugs.debian.org
Cc: Marc Haber <mh+debian-packages@zugschlus.de>
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Sat, 17 Dec 2005 15:45:53 +0100
severity #343085 important
merge #338319 #343085
retitle #343085 outgoing connection hangs after STARTTLS (entropy issue)
thanks

On Tue, Dec 13, 2005 at 02:35:53PM +0100, Juergen Pfennig wrote:
> On my server the entropy ist only "168" could this be the cause of a GNUTLS problem?

Yes. exim will wait (and block) until there is enough entropy
available to initialize the TLS session. 

> See also ...
> 
> http://lists.xensource.com/archives/html/xen-users/2005-12/msg00019.html
> 
> But my server is not virtual (at least I hope so).

This seems to be a general issue, either with later 2.6 kernels or
with GnuTLS.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835



Severity set to `important'. Request was from Marc Haber <mh+debian-packages@zugschlus.de> to control@bugs.debian.org. Full text and rfc822 format available.

Merged 338319 343085. Request was from Marc Haber <mh+debian-packages@zugschlus.de> to control@bugs.debian.org. Full text and rfc822 format available.

Changed Bug title. Request was from Marc Haber <mh+debian-packages@zugschlus.de> to control@bugs.debian.org. Full text and rfc822 format available.

Message sent on to Dr. Jürgen Pfennig <info@j-pfennig.de>:
Bug#343085. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #34 received at 343085@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: Marc Haber <mh+debian-packages@zugschlus.de>
Cc: 343085@bugs.debian.org, Juergen Pfennig <info@j-pfennig.de>, 343085-submitter@bugs.debian.org
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Thu, 19 Jan 2006 13:42:46 +0100
* Marc Haber:

>> On my server the entropy ist only "168" could this be the cause of a GNUTLS problem?
>
> Yes. exim will wait (and block) until there is enough entropy
> available to initialize the TLS session.

According to my tests, it doesn't.  After some discussion with the GNU
TLS developers, I think it does the right thing and reads from
/dev/urandom only.

I fear that we need the output of

  strace -o /some/file -T -f exim4 -qf -v

to debug this further (run this command as root, and try to reproduce
the blocking behavior).  The resulting file may contain private
information such as passwords and email addresses; you might want to
send it directly to Marc or me, and not the BTS.



Tags added: moreinfo Request was from Florian Weimer <fw@deneb.enyo.de> to control@bugs.debian.org. Full text and rfc822 format available.

Message sent on to Dr. Jürgen Pfennig <info@j-pfennig.de>:
Bug#343085. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Sven Hartge <sven@svenhartge.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #44 received at 343085@bugs.debian.org (full text, mbox):

From: Sven Hartge <sven@svenhartge.de>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: Marc Haber <mh+debian-packages@zugschlus.de>, 343085@bugs.debian.org
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Mon, 30 Jan 2006 01:36:18 +0100 (CET)
Florian Weimer wrote:
> Marc Haber:

>>> On my server the entropy ist only "168" could this be the cause of a 
>>> GNUTLS problem?

>> Yes. exim will wait (and block) until there is enough entropy available 
>> to initialize the TLS session.

> According to my tests, it doesn't.  After some discussion with the GNU 
> TLS developers, I think it does the right thing and reads from 
> /dev/urandom only.

Are you sure?

When the exim on my server blocked due to lack of entropy, I had about 100 
processes trying to access /dev/random (at least lsof said so).

As a side note: With GNU TLS, every _single_ encrypted mail transmission 
_totally_ depletes my entropy pool (going from ~3500 to ~150), but after 
recompiling Exim4 with OpenSSL, only about 200 bits (the number is 
difficult to measure, but it is way less than with GNU TLS) are used.

To be able to use Exim on this server, I had to patch the kernel to use 
the network card as additional entropy source and after this didn't work 
out to well, I also had to symlink /dev/random to /dev/urandom, which of 
course is only my last resort to keep the things running.

Grüße,
S

-- 
Sven Hartge -- professioneller Unix-Geek
Meine Gedanken im Netz: http://www.svenhartge.de/

Achtung, neue Mail-Adresse: sven@svenhartge.de



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #49 received at 343085@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: Sven Hartge <sven@svenhartge.de>
Cc: Marc Haber <mh+debian-packages@zugschlus.de>, 343085@bugs.debian.org
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Mon, 30 Jan 2006 09:57:07 +0100
* Sven Hartge:

>> According to my tests, it doesn't.  After some discussion with the GNU 
>> TLS developers, I think it does the right thing and reads from 
>> /dev/urandom only.
>
> Are you sure?

Pretty much.  Exim does not read from /dev/random according to strace.

> When the exim on my server blocked due to lack of entropy, I had about 100 
> processes trying to access /dev/random (at least lsof said so).

Which version of Exim 4, GNU TLS and libgcrypt is this?

I'd really like to see an strace, too.



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Sven Hartge <sven@svenhartge.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #54 received at 343085@bugs.debian.org (full text, mbox):

From: Sven Hartge <sven@svenhartge.de>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: Marc Haber <mh+debian-packages@zugschlus.de>, 343085@bugs.debian.org
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Mon, 30 Jan 2006 10:08:07 +0100 (CET)
Um 09:57 Uhr am 30.01.06 schrieb Florian Weimer:
> * Sven Hartge:

>>> According to my tests, it doesn't.  After some discussion with the GNU 
>>> TLS developers, I think it does the right thing and reads from 
>>> /dev/urandom only.
>> Are you sure?
> Pretty much.  Exim does not read from /dev/random according to strace.

lsof said otherwise. Besides, if it read its seed from urandom, then it 
should not block on a lack of entropy, shouldn't it?

>> When the exim on my server blocked due to lack of entropy, I had about 100 
>> processes trying to access /dev/random (at least lsof said so).
 
> Which version of Exim 4, GNU TLS and libgcrypt is this?

Both exim-4.50 from Sarge and exim-4.50-2bpo1 from Backports.org. 
libgcrypt is the one from Sarge (including all security updates of 
course).

I'll try to strace exim later this day and send the file to you and Marc.

Grüße,
Sven.

-- 
Sven Hartge -- professioneller Unix-Geek
Meine Gedanken im Netz: http://www.svenhartge.de/

Achtung, neue Mail-Adresse: sven@svenhartge.de



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #59 received at 343085@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: Sven Hartge <sven@svenhartge.de>
Cc: Marc Haber <mh+debian-packages@zugschlus.de>, 343085@bugs.debian.org
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Mon, 30 Jan 2006 10:34:32 +0100
* Sven Hartge:

> Um 09:57 Uhr am 30.01.06 schrieb Florian Weimer:
>> * Sven Hartge:
>
>>>> According to my tests, it doesn't.  After some discussion with the GNU 
>>>> TLS developers, I think it does the right thing and reads from 
>>>> /dev/urandom only.
>>> Are you sure?
>> Pretty much.  Exim does not read from /dev/random according to strace.
>
> lsof said otherwise. Besides, if it read its seed from urandom, then it 
> should not block on a lack of entropy, shouldn't it?

Okay, sarge indeed uses /dev/random:

9576  access("/dev/random", R_OK)       = 0
9576  access("/dev/urandom", R_OK)      = 0
9576  open("/dev/random", O_RDONLY)     = 8

I'm going to do a bit of source code archeology to find out why.



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Sven Hartge <sven@svenhartge.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #64 received at 343085@bugs.debian.org (full text, mbox):

From: Sven Hartge <sven@svenhartge.de>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: Marc Haber <mh+debian-packages@zugschlus.de>, 343085@bugs.debian.org
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Mon, 30 Jan 2006 11:23:13 +0100
Florian Weimer wrote:
> * Sven Hartge:
> 
>> Um 09:57 Uhr am 30.01.06 schrieb Florian Weimer:
>>> * Sven Hartge:
>>>>> According to my tests, it doesn't.  After some discussion with the GNU 
>>>>> TLS developers, I think it does the right thing and reads from 
>>>>> /dev/urandom only.
>>>> Are you sure?
>>> Pretty much.  Exim does not read from /dev/random according to strace.
>> lsof said otherwise. Besides, if it read its seed from urandom, then it 
>> should not block on a lack of entropy, shouldn't it?
> 
> Okay, sarge indeed uses /dev/random:
> 
> 9576  access("/dev/random", R_OK)       = 0
> 9576  access("/dev/urandom", R_OK)      = 0
> 9576  open("/dev/random", O_RDONLY)     = 8
> 
> I'm going to do a bit of source code archeology to find out why.

So I don't need to rip apart my system to strace exim right now?

Grüße,
Sven.

-- 
Sven Hartge -- professioneller Unix-Geek
Meine Gedanken im Netz: http://www.svenhartge.de/

Achtung, neue Mail-Adresse: sven@svenhartge.de



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #69 received at 343085@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: Sven Hartge <sven@svenhartge.de>
Cc: Marc Haber <mh+debian-packages@zugschlus.de>, 343085@bugs.debian.org
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Mon, 30 Jan 2006 11:35:19 +0100
* Sven Hartge:

>> Okay, sarge indeed uses /dev/random:
>> 
>> 9576  access("/dev/random", R_OK)       = 0
>> 9576  access("/dev/urandom", R_OK)      = 0
>> 9576  open("/dev/random", O_RDONLY)     = 8
>> 
>> I'm going to do a bit of source code archeology to find out why.
>
> So I don't need to rip apart my system to strace exim right now?

No, it seems that the problem is reproducible after all.



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #74 received at 343085@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: Sven Hartge <sven@svenhartge.de>
Cc: Marc Haber <mh+debian-packages@zugschlus.de>, 343085@bugs.debian.org
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Mon, 30 Jan 2006 14:13:20 +0100
It's the generation of the special server-side key used to support
"RSA export" clients which use 40-bit symmetric session keys.

The following patch disables this feature; it should eliminate all use
of /dev/urandom.  If you omit the hunk removing GNUTLS_KX_RSA_EXPORT,
the functionality should remain there and Exim will generate the the
key on demand, i.e. if a client tries to actually connect to the
server in RSA_EXPORT mode.  This connection will potentially block, of
course, it won't prevent delivery of other mail.

A better fix would be to instruct GnuTLS to use random bits which are
not cryptographically secure for the RSA_EXPORT key because this key
is insecure anyway (it's just 512 bits, after all).

#! /bin/sh /usr/share/dpatch/dpatch-run
## 84_tls-entropy-fix.dpatch by Florian Weimer <fw@deneb.enyo.de>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Do not generate RSA_EXPORT keys, to preserve entropy.

@DPATCH@
diff -urNad exim4~/src/tls-gnu.c exim4/src/tls-gnu.c
--- exim4~/src/tls-gnu.c	2006-01-30 13:30:45.000000000 +0100
+++ exim4/src/tls-gnu.c	2006-01-30 13:48:19.000000000 +0100
@@ -23,7 +23,6 @@
 
 #define UNKNOWN_NAME "unknown"
 #define DH_BITS      768
-#define RSA_BITS     512
 
 /* Values for verify_requirment and initialized */
 
@@ -35,7 +34,6 @@
 static BOOL initialized = INITIALIZED_NOT;
 static host_item *client_host;
 
-static gnutls_rsa_params rsa_params = NULL;
 static gnutls_dh_params dh_params = NULL;
 
 static gnutls_certificate_server_credentials x509_cred = NULL;
@@ -55,7 +53,6 @@
   GNUTLS_KX_RSA,
   GNUTLS_KX_DHE_DSS,
   GNUTLS_KX_DHE_RSA,
-  GNUTLS_KX_RSA_EXPORT,
   0 };
 
 static int default_cipher_priority[16] = {
@@ -296,9 +293,6 @@
 
 /* Initialize the data structures for holding the parameters */
 
-ret = gnutls_rsa_params_init(&rsa_params);
-if (ret < 0) return tls_error(US"init rsa_params", host, ret);
-
 ret = gnutls_dh_params_init(&dh_params);
 if (ret < 0) return tls_error(US"init dh_params", host, ret);
 
@@ -315,7 +309,6 @@
 fd = Uopen(filename, O_RDONLY, 0);
 if (fd < 0)
   {
-  unsigned int rsa_bits = RSA_BITS;
   unsigned int dh_bits = DH_BITS;
   uschar tempfilename[sizeof(filename) + 10];
 
@@ -323,10 +316,6 @@
     return tls_error(string_open_failed(errno, "%s for reading", filename),
       host, 0);
 
-  DEBUG(D_tls) debug_printf("generating %d bit RSA key...\n", RSA_BITS);
-  ret = gnutls_rsa_params_generate2(rsa_params, RSA_BITS);
-  if (ret < 0) return tls_error(US"RSA key generation", host, ret);
-
   DEBUG(D_tls) debug_printf("generating %d bit Diffie-Hellman key...\n",
     DH_BITS);
   ret = gnutls_dh_params_generate2(dh_params, DH_BITS);
@@ -342,10 +331,6 @@
       host, 0);
   (void)fchown(fd, exim_uid, exim_gid);   /* Probably not necessary */
 
-  ret = gnutls_rsa_params_export_raw(rsa_params, &m, &e, &d, &p, &q, &u,
-    &rsa_bits);
-  if (ret < 0) return tls_error(US"RSA params export", host, ret);
-
   ret = gnutls_dh_params_export_raw(dh_params, &prime, &generator, &dh_bits);
   if (ret < 0) return tls_error(US"DH params export", host, ret);
 
@@ -365,7 +350,7 @@
     return tls_error(string_sprintf("failed to rename %s as %s: %s",
       tempfilename, filename, strerror(errno)), host, 0);
 
-  DEBUG(D_tls) debug_printf("wrote RSA and D-H parameters to file\n");
+  DEBUG(D_tls) debug_printf("wrote D-H parameters to file\n");
   }
 
 /* File opened for reading; get the data */
@@ -384,16 +369,13 @@
 
   (void)close(fd);
 
-  ret = gnutls_rsa_params_import_raw(rsa_params, &m, &e, &d, &p, &q, &u);
-  if (ret < 0) return tls_error(US"RSA params import", host, ret);
-
   ret = gnutls_dh_params_import_raw(dh_params, &prime, &generator);
   if (ret < 0) return tls_error(US"DH params import", host, ret);
 
-  DEBUG(D_tls) debug_printf("read RSA and D-H parameters from file\n");
+  DEBUG(D_tls) debug_printf("read D-H parameters from file\n");
   }
 
-DEBUG(D_tls) debug_printf("initialized RSA and D-H parameters\n");
+DEBUG(D_tls) debug_printf("initialized D-H parameters\n");
 return OK;
 }
 
@@ -524,7 +506,6 @@
 /* Associate the parameters with the x509 credentials structure. */
 
 gnutls_certificate_set_dh_params(x509_cred, dh_params);
-gnutls_certificate_set_rsa_params(x509_cred, rsa_params);
 
 DEBUG(D_tls) debug_printf("initialized certificate stuff\n");
 return OK;



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #79 received at 343085@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: Sven Hartge <sven@svenhartge.de>
Cc: Marc Haber <mh+debian-packages@zugschlus.de>, 343085@bugs.debian.org
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Mon, 30 Jan 2006 15:15:25 +0100
* Florian Weimer:

> It's the generation of the special server-side key used to support
> "RSA export" clients which use 40-bit symmetric session keys.
>
> The following patch disables this feature; it should eliminate all use
> of /dev/urandom.  If you omit the hunk removing GNUTLS_KX_RSA_EXPORT,
> the functionality should remain there and Exim will generate the the
> key on demand, i.e. if a client tries to actually connect to the
> server in RSA_EXPORT mode.  This connection will potentially block, of
> course, it won't prevent delivery of other mail.
>
> A better fix would be to instruct GnuTLS to use random bits which are
> not cryptographically secure for the RSA_EXPORT key because this key
> is insecure anyway (it's just 512 bits, after all).

Turns out the patch was broken.  This one should be better.  The
comments above still apply.

#! /bin/sh /usr/share/dpatch/dpatch-run
## 84_tls-entropy-fix.dpatch by  <fw@deneb.enyo.de>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.

@DPATCH@
diff -urNad exim4~/src/tls-gnu.c exim4/src/tls-gnu.c
--- exim4~/src/tls-gnu.c	2006-01-30 14:25:35.000000000 +0100
+++ exim4/src/tls-gnu.c	2006-01-30 14:28:08.000000000 +0100
@@ -23,7 +23,6 @@
 
 #define UNKNOWN_NAME "unknown"
 #define DH_BITS      768
-#define RSA_BITS     512
 
 /* Values for verify_requirment and initialized */
 
@@ -35,7 +34,6 @@
 static BOOL initialized = INITIALIZED_NOT;
 static host_item *client_host;
 
-static gnutls_rsa_params rsa_params = NULL;
 static gnutls_dh_params dh_params = NULL;
 
 static gnutls_certificate_server_credentials x509_cred = NULL;
@@ -55,7 +53,6 @@
   GNUTLS_KX_RSA,
   GNUTLS_KX_DHE_DSS,
   GNUTLS_KX_DHE_RSA,
-  GNUTLS_KX_RSA_EXPORT,
   0 };
 
 static int default_cipher_priority[16] = {
@@ -291,14 +288,11 @@
 init_rsa_dh(host_item *host)
 {
 int fd, ret;
-gnutls_datum m, e, d, p, q, u, prime, generator;
+gnutls_datum prime, generator;
 uschar filename[200];
 
 /* Initialize the data structures for holding the parameters */
 
-ret = gnutls_rsa_params_init(&rsa_params);
-if (ret < 0) return tls_error(US"init rsa_params", host, ret);
-
 ret = gnutls_dh_params_init(&dh_params);
 if (ret < 0) return tls_error(US"init dh_params", host, ret);
 
@@ -315,7 +309,6 @@
 fd = Uopen(filename, O_RDONLY, 0);
 if (fd < 0)
   {
-  unsigned int rsa_bits = RSA_BITS;
   unsigned int dh_bits = DH_BITS;
   uschar tempfilename[sizeof(filename) + 10];
 
@@ -323,10 +316,6 @@
     return tls_error(string_open_failed(errno, "%s for reading", filename),
       host, 0);
 
-  DEBUG(D_tls) debug_printf("generating %d bit RSA key...\n", RSA_BITS);
-  ret = gnutls_rsa_params_generate2(rsa_params, RSA_BITS);
-  if (ret < 0) return tls_error(US"RSA key generation", host, ret);
-
   DEBUG(D_tls) debug_printf("generating %d bit Diffie-Hellman key...\n",
     DH_BITS);
   ret = gnutls_dh_params_generate2(dh_params, DH_BITS);
@@ -342,20 +331,10 @@
       host, 0);
   (void)fchown(fd, exim_uid, exim_gid);   /* Probably not necessary */
 
-  ret = gnutls_rsa_params_export_raw(rsa_params, &m, &e, &d, &p, &q, &u,
-    &rsa_bits);
-  if (ret < 0) return tls_error(US"RSA params export", host, ret);
-
   ret = gnutls_dh_params_export_raw(dh_params, &prime, &generator, &dh_bits);
   if (ret < 0) return tls_error(US"DH params export", host, ret);
 
-  if (!write_datum(fd, &m) ||
-      !write_datum(fd, &e) ||
-      !write_datum(fd, &d) ||
-      !write_datum(fd, &p) ||
-      !write_datum(fd, &q) ||
-      !write_datum(fd, &u) ||
-      !write_datum(fd, &prime) ||
+  if (!write_datum(fd, &prime) ||
       !write_datum(fd, &generator))
     return tls_error(US"TLS cache write failed", host, 0);
 
@@ -365,35 +344,26 @@
     return tls_error(string_sprintf("failed to rename %s as %s: %s",
       tempfilename, filename, strerror(errno)), host, 0);
 
-  DEBUG(D_tls) debug_printf("wrote RSA and D-H parameters to file\n");
+  DEBUG(D_tls) debug_printf("wrote D-H parameters to file\n");
   }
 
 /* File opened for reading; get the data */
 
 else
   {
-  if (!read_datum(fd, &m) ||
-      !read_datum(fd, &e) ||
-      !read_datum(fd, &d) ||
-      !read_datum(fd, &p) ||
-      !read_datum(fd, &q) ||
-      !read_datum(fd, &u) ||
-      !read_datum(fd, &prime) ||
+  if (!read_datum(fd, &prime) ||
       !read_datum(fd, &generator))
     return tls_error(US"TLS cache read failed", host, 0);
 
   (void)close(fd);
 
-  ret = gnutls_rsa_params_import_raw(rsa_params, &m, &e, &d, &p, &q, &u);
-  if (ret < 0) return tls_error(US"RSA params import", host, ret);
-
   ret = gnutls_dh_params_import_raw(dh_params, &prime, &generator);
   if (ret < 0) return tls_error(US"DH params import", host, ret);
 
-  DEBUG(D_tls) debug_printf("read RSA and D-H parameters from file\n");
+  DEBUG(D_tls) debug_printf("read D-H parameters from file\n");
   }
 
-DEBUG(D_tls) debug_printf("initialized RSA and D-H parameters\n");
+DEBUG(D_tls) debug_printf("initialized D-H parameters\n");
 return OK;
 }
 
@@ -524,7 +494,6 @@
 /* Associate the parameters with the x509 credentials structure. */
 
 gnutls_certificate_set_dh_params(x509_cred, dh_params);
-gnutls_certificate_set_rsa_params(x509_cred, rsa_params);
 
 DEBUG(D_tls) debug_printf("initialized certificate stuff\n");
 return OK;



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Sven Hartge <sven@svenhartge.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #84 received at 343085@bugs.debian.org (full text, mbox):

From: Sven Hartge <sven@svenhartge.de>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: Marc Haber <mh+debian-packages@zugschlus.de>, 343085@bugs.debian.org
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Mon, 30 Jan 2006 16:40:06 +0100
Florian Weimer wrote:
> * Florian Weimer:

>> It's the generation of the special server-side key used to support
>> "RSA export" clients which use 40-bit symmetric session keys.

> Turns out the patch was broken.  This one should be better.  The
> comments above still apply.

Will this patch be included in the next point release of Sarge or better
yet released via a security update, since it is trivial to DoS Exim4
from Sarge with some single SSL/TLS connections?

Grüße,
Sven.

-- 
Sven Hartge -- professioneller Unix-Geek
Meine Gedanken im Netz: http://www.svenhartge.de/

Achtung, neue Mail-Adresse: sven@svenhartge.de



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #89 received at 343085@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: Sven Hartge <sven@svenhartge.de>
Cc: Marc Haber <mh+debian-packages@zugschlus.de>, 343085@bugs.debian.org
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Mon, 30 Jan 2006 16:58:06 +0100
* Sven Hartge:

> Florian Weimer wrote:
>> * Florian Weimer:
>
>>> It's the generation of the special server-side key used to support
>>> "RSA export" clients which use 40-bit symmetric session keys.
>
>> Turns out the patch was broken.  This one should be better.  The
>> comments above still apply.
>
> Will this patch be included in the next point release of Sarge

Not sure about that.  There are different means to to tackle this
problem.  We could just remove

  rm -f /var/spool/exim4/gnutls-params

from the daily cron job.  Or we add proper locking so that only one
Exim process actually recomputes the params file when it is missing,
significantly reducing the impact of this problem.  Or the preferred
option: do not remove that file, but regenerate it and replace it with
the new version, so that Exim never has to regenerate it.

In any case, we need people whose Exim installations suffer from this
problem to test a patch before we roll it out.

> or better yet released via a security update, since it is trivial to
> DoS Exim4 from Sarge with some single SSL/TLS connections?

AFAICS, it is not possible to trigger this bug reliably (I had to
delete the params file manually to prove it).  It certainly results in
a loss of service, but it's a security vulnerability, and therefore
does not qualify as a security bug.



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Sven Hartge <sven@svenhartge.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #94 received at 343085@bugs.debian.org (full text, mbox):

From: Sven Hartge <sven@svenhartge.de>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: Marc Haber <mh+debian-packages@zugschlus.de>, 343085@bugs.debian.org
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Mon, 30 Jan 2006 17:08:05 +0100
Florian Weimer wrote:
> * Sven Hartge:
>> Florian Weimer wrote:
>>> * Florian Weimer:

>>>> It's the generation of the special server-side key used to
>>>> support "RSA export" clients which use 40-bit symmetric session
>>>> keys.
>>> Turns out the patch was broken.  This one should be better.  The 
>>> comments above still apply.
>> Will this patch be included in the next point release of Sarge
> 
> Not sure about that.  There are different means to to tackle this 
> problem.  We could just remove
> 
> rm -f /var/spool/exim4/gnutls-params
> 
> from the daily cron job.  Or we add proper locking so that only one 
> Exim process actually recomputes the params file when it is missing, 
> significantly reducing the impact of this problem.  Or the preferred 
> option: do not remove that file, but regenerate it and replace it
> with the new version, so that Exim never has to regenerate it.

Isn't this what is done in the version from Sid right now?

> In any case, we need people whose Exim installations suffer from this
> problem to test a patch before we roll it out.

I am more going to test this patch as soon as possible, probably this
evening.

>> or better yet released via a security update, since it is trivial
>> to DoS Exim4 from Sarge with some single SSL/TLS connections?
> 
> AFAICS, it is not possible to trigger this bug reliably (I had to 
> delete the params file manually to prove it).

I don't have to delete the params file, as _every single_ encrypted mail
transaction totally depletes my entropy pool, thus it is impossible for
my server to receive more than 1 mail every 5 minutes without totally
stalling.

So if you wanted to DoS my server, you just had to open some SSL
connections and *whoop*, no more mail delivery or reception is possible,
since the entropy pool stays at a constant zero, if you reopen a new
connection from time to time.

With exim+openssl I am not able to reproduce this effect and I have yet
to test your patch to see if it also solves the problem.

> It certainly results in a loss of service, but it's a security
> vulnerability, and therefore does not qualify as a security bug.

You probably mean "it's not a security vulnerability" in which case I
object.

Grüße,
Sven.

-- 
Sven Hartge -- professioneller Unix-Geek
Meine Gedanken im Netz: http://www.svenhartge.de/

Achtung, neue Mail-Adresse: sven@svenhartge.de



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Andreas Metzler <ametzler@downhill.at.eu.org>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #99 received at 343085@bugs.debian.org (full text, mbox):

From: Andreas Metzler <ametzler@downhill.at.eu.org>
To: Florian Weimer <fw@deneb.enyo.de>, 343085@bugs.debian.org
Cc: Sven Hartge <sven@svenhartge.de>
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Mon, 30 Jan 2006 19:36:51 +0100
On 2006-01-30 Florian Weimer <fw@deneb.enyo.de> wrote:
[...]
> Not sure about that.  There are different means to to tackle this
> problem.  We could just remove

>   rm -f /var/spool/exim4/gnutls-params

> from the daily cron job.
[...]

I just want to point out that current exim4 packages (>=4.52-2) do
_not_ remove /var/spool/exim4/gnutls-params unconditionally, but only
after successfully re-generating a replacement *offline* using
certtool (if certtool is available).
               cu andreas
-- 
The 'Galactic Cleaning' policy undertaken by Emperor Zhark is a personal
vision of the emperor's, and its inclusion in this work does not constitute
tacit approval by the author or the publisher for any such projects,
howsoever undertaken.                                (c) Jasper Ffforde



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #104 received at 343085@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: Andreas Metzler <ametzler@downhill.at.eu.org>
Cc: 343085@bugs.debian.org, Sven Hartge <sven@svenhartge.de>
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Mon, 30 Jan 2006 19:57:01 +0100
* Andreas Metzler:

> I just want to point out that current exim4 packages (>=4.52-2) do
> _not_ remove /var/spool/exim4/gnutls-params unconditionally, but only
> after successfully re-generating a replacement *offline* using
> certtool (if certtool is available).

Yes, I discovered that too.  This means that this bug is likely a
duplicate of #285371.  (Provided that the submitter does not have
certtool installed.)

Sven, if you do not patch anything, but remove the "rm -f
/var/spool/exim4/gnutls-params" from the daily cron job, does that fix
things for you once the file has been generated?



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Sven Hartge <sven@svenhartge.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #109 received at 343085@bugs.debian.org (full text, mbox):

From: Sven Hartge <sven@svenhartge.de>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: Andreas Metzler <ametzler@downhill.at.eu.org>, 343085@bugs.debian.org
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Mon, 30 Jan 2006 22:16:57 +0100 (CET)
Um 19:57 Uhr am 30.01.06 schrieb Florian Weimer:

>> I just want to point out that current exim4 packages (>=4.52-2) do
>> _not_ remove /var/spool/exim4/gnutls-params unconditionally, but only
>> after successfully re-generating a replacement *offline* using
>> certtool (if certtool is available).
 
> Yes, I discovered that too.  This means that this bug is likely a 
> duplicate of #285371.  (Provided that the submitter does not have 
> certtool installed.)
> 
> Sven, if you do not patch anything, but remove the "rm -f 
> /var/spool/exim4/gnutls-params" from the daily cron job, does that fix 
> things for you once the file has been generated?

Here is what I did:

1) Downgraded exim4, exim4-base, exim4-config and exim4-daemon-heavy to 
   the version from Sarge (4.50-8).

2) Waited for the gnutls-params file to reappear.

3) (in another ssh session)
   while true; do cat /proc/sys/kernel/random/entropy_avail; sleep 0.2; 
     done

4) waited until the entropy pool refilled itself

5) used an external server to send an encrypted mail to me:

3368
3372
129
140
140

So, conclusion: No the problem is not the gnutls-params file, but exim4 
using nearly each and every bit of entropy for a _single_ mail.

Using exim4+openssl does not cause this massive drain of entropy. (I have 
yet to test your patch to see if this also relieves the situation.)

Of course, regenerating the gnutls-params file every day depletes the pool 
even more and my increase the severity of the problem on machines with a 
low entropy regain rate.

Grüße,
Sven.

-- 
Sven Hartge -- professioneller Unix-Geek
Meine Gedanken im Netz: http://www.svenhartge.de/

Achtung, neue Mail-Adresse: sven@svenhartge.de



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #114 received at 343085@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: Sven Hartge <sven@svenhartge.de>
Cc: Andreas Metzler <ametzler@downhill.at.eu.org>, 343085@bugs.debian.org
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Mon, 30 Jan 2006 22:41:49 +0100
* Sven Hartge:

> So, conclusion: No the problem is not the gnutls-params file, but exim4 
> using nearly each and every bit of entropy for a _single_ mail.

This is expected and is quite hard to fix properly.

During your tests, did Exim hang?

> Using exim4+openssl does not cause this massive drain of entropy. (I have 
> yet to test your patch to see if this also relieves the situation.)

It does not.

> Of course, regenerating the gnutls-params file every day depletes the pool 
> even more

I don't think so.  The pool is only 4096 bits large, and each
TLS-using delivery process drains 120 * 5 * 8 = 4800 bits from it
(because that's the way libgcrypt initializes its random number
generator).  In practice, this is always sufficient for generating a
512-bit RSA key.  The problems begin when you're on a high-volume mail
server and the delivery process drain entropy so fast that the key
generation fails to gather the needed number of bits in a reasonable
time period.



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Sven Hartge <sven@svenhartge.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #119 received at 343085@bugs.debian.org (full text, mbox):

From: Sven Hartge <sven@svenhartge.de>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: Marc Haber <mh+debian-packages@zugschlus.de>, 343085@bugs.debian.org
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Mon, 30 Jan 2006 22:42:29 +0100 (CET)
Um 15:15 Uhr am 30.01.06 schrieb Florian Weimer:

> Turns out the patch was broken.  This one should be better.  The 
> comments above still apply.

Sorry, but I patched and recompiled the exim4-package from Sarge, but any 
encrypted mail transfer nearly empties the entropy pool.

Grüße,
Sven.

-- 
Sven Hartge -- professioneller Unix-Geek
Meine Gedanken im Netz: http://www.svenhartge.de/

Achtung, neue Mail-Adresse: sven@svenhartge.de



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #124 received at 343085@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: Sven Hartge <sven@svenhartge.de>
Cc: Marc Haber <mh+debian-packages@zugschlus.de>, 343085@bugs.debian.org
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Mon, 30 Jan 2006 23:02:14 +0100
* Sven Hartge:

> Um 15:15 Uhr am 30.01.06 schrieb Florian Weimer:
>
>> Turns out the patch was broken.  This one should be better.  The 
>> comments above still apply.
>
> Sorry, but I patched and recompiled the exim4-package from Sarge, but any 
> encrypted mail transfer nearly empties the entropy pool.

Again, this is expected -- I tried to fix the blocking problem, not
the entropy consumption as such.  The entropy consumption is really a
libgcrypt issue; it does not make much sense to work around it in each
application individually.



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Sven Hartge <sven@svenhartge.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #129 received at 343085@bugs.debian.org (full text, mbox):

From: Sven Hartge <sven@svenhartge.de>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: Andreas Metzler <ametzler@downhill.at.eu.org>, 343085@bugs.debian.org
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Mon, 30 Jan 2006 23:04:05 +0100 (CET)
Um 22:41 Uhr am 30.01.06 schrieb Florian Weimer:
> Sven Hartge:

>> So, conclusion: No the problem is not the gnutls-params file, but exim4 
>> using nearly each and every bit of entropy for a _single_ mail.
 
> This is expected and is quite hard to fix properly.
> 
> During your tests, did Exim hang?

No, it used /dev/urandom this time (which quite surprised me, since I used 
the same packages that were installed when Exim hang using /dev/random).
 
It seems I have a little mixup here, so I will restest the situation with 
verified packages.

> The problems begin when you're on a high-volume mail server and the 
> delivery process drain entropy so fast that the key generation fails to 
> gather the needed number of bits in a reasonable time period.

How long does your server take to refill the pool from zero to 4096?

Grüße,
Sven.

-- 
Sven Hartge -- professioneller Unix-Geek
Meine Gedanken im Netz: http://www.svenhartge.de/

Achtung, neue Mail-Adresse: sven@svenhartge.de



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Sven Hartge <sven@svenhartge.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #134 received at 343085@bugs.debian.org (full text, mbox):

From: Sven Hartge <sven@svenhartge.de>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: Andreas Metzler <ametzler@downhill.at.eu.org>, 343085@bugs.debian.org
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Mon, 30 Jan 2006 23:11:53 +0100 (CET)
Um 23:04 Uhr am 30.01.06 schrieb Sven Hartge:
> Um 22:41 Uhr am 30.01.06 schrieb Florian Weimer:
>> Sven Hartge:
 
>>> So, conclusion: No the problem is not the gnutls-params file, but exim4 
>>> using nearly each and every bit of entropy for a _single_ mail.
  
>> This is expected and is quite hard to fix properly. During your tests, 
>> did Exim hang?
 
> No, it used /dev/urandom this time (which quite surprised me, since I used 
> the same packages that were installed when Exim hang using /dev/random).
 
> It seems I have a little mixup here, so I will restest the situation with 
> verified packages.

OK, with all those different packages patched and recompiled during the 
last hours, I got a little knot in my brain.

So _of course_ it used /dev/urandom with your fix, as this was the whole 
point of the patch.
 
(Forgive me for being a little slow sometimes.)

Question again: does this patch qualify for an update of the Exim4 
packages in Sarge with the next point release? 

I would even like to see a security update, since without this patch you 
can remotely block an Debian-Exim mailserver by opening severy SSL 
connections and thus emptying the entropy pool, causing any further SSL 
transaction of Exim4 to hang, because the unpatched tls-gnu.c uses 
/dev/random for its RSA seed. (Is this summary correct?)

Grüße,
Sven.

-- 
Sven Hartge -- professioneller Unix-Geek
Meine Gedanken im Netz: http://www.svenhartge.de/

Achtung, neue Mail-Adresse: sven@svenhartge.de



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Sven Hartge <sven@svenhartge.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #139 received at 343085@bugs.debian.org (full text, mbox):

From: Sven Hartge <sven@svenhartge.de>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: Marc Haber <mh+debian-packages@zugschlus.de>, 343085@bugs.debian.org
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Tue, 31 Jan 2006 00:43:19 +0100 (CET)
Um 23:02 Uhr am 30.01.06 schrieb Florian Weimer:
> Sven Hartge:
>> Um 15:15 Uhr am 30.01.06 schrieb Florian Weimer:

>>> Turns out the patch was broken.  This one should be better.  The 
>>> comments above still apply.
>> Sorry, but I patched and recompiled the exim4-package from Sarge, but 
>> any encrypted mail transfer nearly empties the entropy pool.
 
> Again, this is expected -- I tried to fix the blocking problem, not the 
> entropy consumption as such.  The entropy consumption is really a 
> libgcrypt issue; it does not make much sense to work around it in each 
> application individually.

Let me sum up all the pieces to see, if I get everything in the right way.

a) Exim uses GnuTLS in a way, which causes it to use /dev/random to aquire 
   strictly random bytes on every encrypted connection
b) GnuTLS uses much more random bytes to initialize itself than OpenSSL.

A combination of A and B leads to a possible hole for a DoS attack, if I 
am able to drain the entropy pool, because of A, Exim will block until 
enough entropy is regathered.

While fixing A is generally a Good Idea (in my opinion), so Exim does not 
block if there is no entropy available (because of whatever reason).

But the real winner would be a fix to B so that the entropy pool does not 
get drained so fast and would not only benefit Exim but any other program 
using GnuTLS.

Is this summary correct so far?

Grüße,
Sven.

-- 
Sven Hartge -- professioneller Unix-Geek
Meine Gedanken im Netz: http://www.svenhartge.de/

Achtung, neue Mail-Adresse: sven@svenhartge.de



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #144 received at 343085@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: Sven Hartge <sven@svenhartge.de>, 343085@bugs.debian.org
Cc: Florian Weimer <fw@deneb.enyo.de>, Andreas Metzler <ametzler@downhill.at.eu.org>
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Tue, 31 Jan 2006 10:09:13 +0100
On Mon, Jan 30, 2006 at 11:11:53PM +0100, Sven Hartge wrote:
> Question again: does this patch qualify for an update of the Exim4 
> packages in Sarge with the next point release? 

Not unless it has been
  (a) verified as solving the issue,
  (b) upstream has commented with a positive attitude and will accept
      it for upstream exim _and_
  (c) tested in unstable and testing for at least a few weeks.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #149 received at 343085@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: Dr. Jürgen Pfennig <info@j-pfennig.de>
Cc: 343085@bugs.debian.org
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today for important german provider (1und1)
Date: Sun, 05 Feb 2006 23:26:12 +0100
* Jürgen Pfennig:

> Package: exim4
> Version: 4.54-2
> Severity: normal
>
> Since today "exim4 -qf -v" showed that the connection hangs after
> TLSSTART. The thing has worked well for several months before. An update
> from 4.50 (sarge) to 4.54 (test) to not solve the problem. After
> disabling TLS I can send mail again.

Have you installed the gnutls-bin package?  Our analysis suggests that
this is a known issue which has been mostly addressed in Exim version
4.52-2, but only if the gnutls-bin package has also been installed.



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #154 received at 343085@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: Marc Haber <mh+debian-packages@zugschlus.de>
Cc: 343085@bugs.debian.org, Sven Hartge <sven@svenhartge.de>, Andreas Metzler <ametzler@downhill.at.eu.org>
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Sun, 05 Feb 2006 23:28:10 +0100
* Marc Haber:

> On Mon, Jan 30, 2006 at 11:11:53PM +0100, Sven Hartge wrote:
>> Question again: does this patch qualify for an update of the Exim4 
>> packages in Sarge with the next point release? 
>
> Not unless it has been
>   (a) verified as solving the issue,
>   (b) upstream has commented with a positive attitude and will accept
>       it for upstream exim _and_
>   (c) tested in unstable and testing for at least a few weeks.

It's probably better to backport the 4.52-2 fix to sarge (or an
improved version of it).



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #159 received at 343085@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: Marc Haber <mh+debian-packages@zugschlus.de>, 343085@bugs.debian.org, Sven Hartge <sven@svenhartge.de>, Andreas Metzler <ametzler@downhill.at.eu.org>
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Sun, 5 Feb 2006 23:32:53 +0100
On Sun, Feb 05, 2006 at 11:28:10PM +0100, Florian Weimer wrote:
> * Marc Haber:
> > On Mon, Jan 30, 2006 at 11:11:53PM +0100, Sven Hartge wrote:
> >> Question again: does this patch qualify for an update of the Exim4 
> >> packages in Sarge with the next point release? 
> >
> > Not unless it has been
> >   (a) verified as solving the issue,
> >   (b) upstream has commented with a positive attitude and will accept
> >       it for upstream exim _and_
> >   (c) tested in unstable and testing for at least a few weeks.
> 
> It's probably better to backport the 4.52-2 fix to sarge (or an
> improved version of it).

Older exims use a version of the dh_params file that is not compatible
with certtool. Backporting that fix would be quite an intrusion into
exim's sources.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #164 received at 343085@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: Marc Haber <mh+debian-packages@zugschlus.de>
Cc: 343085@bugs.debian.org, Sven Hartge <sven@svenhartge.de>, Andreas Metzler <ametzler@downhill.at.eu.org>
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Tue, 07 Feb 2006 10:32:01 +0100
* Marc Haber:

> Older exims use a version of the dh_params file that is not compatible
> with certtool. Backporting that fix would be quite an intrusion into
> exim's sources.

I disagree, the changes would be quite isolated.  But it's your bug,
and in the end, you'll need to fix it in a way you deem most
approriate.



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #169 received at 343085@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: 343085@bugs.debian.org
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Sun, 26 Feb 2006 15:34:54 +0100
On Mon, Jan 30, 2006 at 02:13:20PM +0100, Florian Weimer wrote:
> A better fix would be to instruct GnuTLS to use random bits which are
> not cryptographically secure for the RSA_EXPORT key because this key
> is insecure anyway (it's just 512 bits, after all).

If we will go _that_ route - do we need to patch exim, or gnutls?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #174 received at 343085@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: 343085@bugs.debian.org
Cc: fw@deneb.enyo.de
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Sun, 26 Feb 2006 15:36:45 +0100
On Mon, Jan 30, 2006 at 03:15:25PM +0100, Florian Weimer wrote:
> Turns out the patch was broken.  This one should be better.

It doesn't apply to current Debian exim:
$ < ~/exim4/exim-gnutls-patch patch -p1
patching file src/tls-gnu.c
Hunk #1 FAILED at 23.
Hunk #2 succeeded at 36 (offset 2 lines).
Hunk #3 succeeded at 55 (offset 2 lines).
Hunk #4 FAILED at 290.
Hunk #5 FAILED at 311.
Hunk #6 succeeded at 332 with fuzz 2 (offset 16 lines).
Hunk #7 FAILED at 347.
Hunk #8 FAILED at 360.
Hunk #9 FAILED at 510.
6 out of 9 hunks FAILED -- saving rejects to file src/tls-gnu.c.rej
$ 

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #179 received at 343085@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: 343085@bugs.debian.org
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Sun, 26 Feb 2006 15:37:43 +0100
On Mon, Jan 30, 2006 at 04:40:06PM +0100, Sven Hartge wrote:
> Will this patch be included in the next point release of Sarge or better
> yet released via a security update, since it is trivial to DoS Exim4
> from Sarge with some single SSL/TLS connections?

It's way too early to ask.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #184 received at 343085@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: 343085@bugs.debian.org
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Sun, 26 Feb 2006 15:39:00 +0100
On Mon, Jan 30, 2006 at 11:02:14PM +0100, Florian Weimer wrote:
> The entropy consumption is really a
> libgcrypt issue; it does not make much sense to work around it in each
> application individually.

Agreed. Is there already a bug filed against libgcrypt?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #189 received at 343085@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: Marc Haber <mh+debian-packages@zugschlus.de>
Cc: 343085@bugs.debian.org
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Mon, 20 Mar 2006 19:40:20 +0100
* Marc Haber:

> On Mon, Jan 30, 2006 at 11:02:14PM +0100, Florian Weimer wrote:
>> The entropy consumption is really a
>> libgcrypt issue; it does not make much sense to work around it in each
>> application individually.
>
> Agreed. Is there already a bug filed against libgcrypt?

None that I know of.



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #194 received at 343085@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: Florian Weimer <fw@deneb.enyo.de>, 343085@bugs.debian.org
Cc: Marc Haber <mh+debian-packages@zugschlus.de>
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Mon, 20 Mar 2006 23:04:29 +0100
On Mon, Mar 20, 2006 at 07:40:20PM +0100, Florian Weimer wrote:
> * Marc Haber:
> > On Mon, Jan 30, 2006 at 11:02:14PM +0100, Florian Weimer wrote:
> >> The entropy consumption is really a
> >> libgcrypt issue; it does not make much sense to work around it in each
> >> application individually.
> >
> > Agreed. Is there already a bug filed against libgcrypt?
> 
> None that I know of.

Any possibility that you file one? You know things much better and can
pinpoint the issue more exact than I can.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835



Information stored:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and filed, but not forwarded. Full text and rfc822 format available.

Message #199 received at 343085-quiet@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: 343085-quiet@bugs.debian.org
Cc: Marc Haber <mh+debian-packages@zugschlus.de>
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Wed, 21 Jun 2006 20:02:03 +0200
user exim4@packages.debian.org
usertags #343085 gnutls
thanks

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835





Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Micha Lenk <micha@lenk.info>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #204 received at 343085@bugs.debian.org (full text, mbox):

From: Micha Lenk <micha@lenk.info>
To: Marc Haber <mh+debian-packages@zugschlus.de>
Cc: Florian Weimer <fw@deneb.enyo.de>, Marc Haber <mh+debian-packages@zugschlus.de>, 343085@bugs.debian.org, Sven Hartge <sven@svenhartge.de>
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Fri, 15 Sep 2006 09:55:58 +0200
Hi,

On Mon, Jan 30, 2006 at 01:36:18AM +0100, Sven Hartge wrote:
> Florian Weimer wrote:
> > Marc Haber:
> 
> >>> On my server the entropy ist only "168" could this be the cause of a 
> >>> GNUTLS problem?
> 
> >> Yes. exim will wait (and block) until there is enough entropy available 
> >> to initialize the TLS session.
> 
> > According to my tests, it doesn't.  After some discussion with the GNU 
> > TLS developers, I think it does the right thing and reads from 
> > /dev/urandom only.
> 
> Are you sure?
> 
> When the exim on my server blocked due to lack of entropy, I had about 100 
> processes trying to access /dev/random (at least lsof said so).

I now struggled about the same problem here: Exim hangs
after STARTTLS in outgoing connections. I observed this behaviour with
exim4-heavy-daemon 4.50-8sarge2 and 4.62-0bpo1 equally.

What strikes me: Usually my mailserver is simply working fine. But every
morning at more or less 6:25 AM (apparently after logrotation) it tends
to hang. May be this gives a hint how to trigger this bug.

The bug first ocurred after I switched to a new machine, which is now
running a 2.6.17.5 kernel (previous was a 2.4.something - I don't know,
can't figure out anymore).

Do you think a downgrade to a Debian Sarge kernel might help?

What else could I try?

Have a nice day
  Micha



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #209 received at 343085@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: Micha Lenk <micha@lenk.info>
Cc: Florian Weimer <fw@deneb.enyo.de>, 343085@bugs.debian.org, Sven Hartge <sven@svenhartge.de>
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Fri, 15 Sep 2006 10:05:38 +0200
On Fri, Sep 15, 2006 at 09:55:58AM +0200, Micha Lenk wrote:
> I now struggled about the same problem here: Exim hangs
> after STARTTLS in outgoing connections. I observed this behaviour with
> exim4-heavy-daemon 4.50-8sarge2 and 4.62-0bpo1 equally.
> 
> What strikes me: Usually my mailserver is simply working fine. But every
> morning at more or less 6:25 AM (apparently after logrotation) it tends
> to hang. May be this gives a hint how to trigger this bug.

In the daily cron job, the diffie-hellman parameter file is deleted
and exim tries to regenerate it on the next TLS connection
initialization.

Starting with exim4 4.52-2, if the gnutls-bin package is installed,
the dh-parameters are generated asynchronously and only replaced after
new ones have been successfully generated. This will still starve your
entropy (since GnuTLS is very uneconomically using the entropy), but
exim will continue using the old dh parameters until the new ones have
been generated.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Micha Lenk <micha@lenk.info>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #214 received at 343085@bugs.debian.org (full text, mbox):

From: Micha Lenk <micha@lenk.info>
To: Marc Haber <mh+debian-packages@zugschlus.de>
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Fri, 15 Sep 2006 10:28:20 +0200
Hi,

Marc Haber schrieb:
> On Fri, Sep 15, 2006 at 09:55:58AM +0200, Micha Lenk wrote:
>> I now struggled about the same problem here: Exim hangs
>> after STARTTLS in outgoing connections. I observed this behaviour with
>> exim4-heavy-daemon 4.50-8sarge2 and 4.62-0bpo1 equally.
>> 
>> What strikes me: Usually my mailserver is simply working fine. But every
>> morning at more or less 6:25 AM (apparently after logrotation) it tends
>> to hang. May be this gives a hint how to trigger this bug.
> 
> In the daily cron job, the diffie-hellman parameter file is deleted
> and exim tries to regenerate it on the next TLS connection
> initialization.
> 
> Starting with exim4 4.52-2, if the gnutls-bin package is installed,
> the dh-parameters are generated asynchronously and only replaced after
> new ones have been successfully generated. This will still starve your
> entropy (since GnuTLS is very uneconomically using the entropy), but
> exim will continue using the old dh parameters until the new ones have
> been generated.

Maybe this should be documented in NEWS.Debian or even README.Debian. 
Shouldn't it?

Thanks for the hint anyway...

Have a nice day
  Micha




Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #219 received at 343085@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: 338319@bugs.debian.org, 338319-submitter@bugs.debian.org, 343085@bugs.debian.org, 343085-submitter@bugs.debian.org
Cc: Marc Haber <mh+debian-packages@zugschlus.de>, info@j-pfennig.de, fw@deneb.enyo.de, sven@svenhartge.de, micha@lenk.info, fgkoehler@openunix.de, laurent@komite.net, jose.calhariz@tagus.ist.utl.pt, bcollins@ubuntu.com, wildfire@progsoc.org, jas@gnutls.org, nmav@gnutls.org
Subject: Re: tagging 343085
Date: Wed, 11 Jul 2007 08:13:54 +0200
user exim4@packages.debian.org
usertags #338319 close-20071031
usertags #343085 close-20071031
thanks

Hi,

about a year after we implemented some measures to avoid the entropy
issue, the bug has not been reported again in a long time. This leads
me to the conclusion that the issue does not occur any more.

Can you guys please confirm this? I'd like to close these bugs by the
end of October 2007 if the issue does not occur for you.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835



Message sent on to Dr. Jürgen Pfennig <info@j-pfennig.de>:
Bug#343085. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to "Anand Kumria" <wildfire@progsoc.org>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #227 received at 343085@bugs.debian.org (full text, mbox):

From: "Anand Kumria" <wildfire@progsoc.org>
To: "Marc Haber" <mh+debian-packages@zugschlus.de>
Cc: 338319@bugs.debian.org, 338319-submitter@bugs.debian.org, 343085@bugs.debian.org, 343085-submitter@bugs.debian.org, info@j-pfennig.de, fw@deneb.enyo.de, sven@svenhartge.de, micha@lenk.info, fgkoehler@openunix.de, laurent@komite.net, jose.calhariz@tagus.ist.utl.pt, bcollins@ubuntu.com, jas@gnutls.org, nmav@gnutls.org
Subject: Re: tagging 343085
Date: Fri, 27 Jul 2007 22:37:55 +1000
On 7/11/07, Marc Haber <mh+debian-packages@zugschlus.de> wrote:
> user exim4@packages.debian.org
> usertags #338319 close-20071031
> usertags #343085 close-20071031
> thanks
>
> Hi,
>
> about a year after we implemented some measures to avoid the entropy
> issue, the bug has not been reported again in a long time. This leads
> me to the conclusion that the issue does not occur any more.

Certainly it occurs for me still.

Is the fix you are talking about in the stable version (4.63-17) or a
later testing version?

Thanks,
Anand



Message sent on to Dr. Jürgen Pfennig <info@j-pfennig.de>:
Bug#343085. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #235 received at 343085@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: "Anand Kumria" <wildfire@progsoc.org>
Cc: "Marc Haber" <mh+debian-packages@zugschlus.de>, 338319@bugs.debian.org, 338319-submitter@bugs.debian.org, 343085@bugs.debian.org, 343085-submitter@bugs.debian.org, info@j-pfennig.de, sven@svenhartge.de, micha@lenk.info, fgkoehler@openunix.de, laurent@komite.net, jose.calhariz@tagus.ist.utl.pt, bcollins@ubuntu.com, jas@gnutls.org, nmav@gnutls.org
Subject: Re: tagging 343085
Date: Fri, 27 Jul 2007 14:45:53 +0200
* Anand Kumria:

>> about a year after we implemented some measures to avoid the entropy
>> issue, the bug has not been reported again in a long time. This leads
>> me to the conclusion that the issue does not occur any more.
>
> Certainly it occurs for me still.

It has been fixed in version 4.63-4.  Could you show lsof and strace
output from blocking Exim processes?



Message sent on to Dr. Jürgen Pfennig <info@j-pfennig.de>:
Bug#343085. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #243 received at 343085@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: "Anand Kumria" <wildfire@progsoc.org>
Cc: "Marc Haber" <mh+debian-packages@zugschlus.de>, 338319@bugs.debian.org, 338319-submitter@bugs.debian.org, 343085@bugs.debian.org, 343085-submitter@bugs.debian.org, info@j-pfennig.de, sven@svenhartge.de, micha@lenk.info, fgkoehler@openunix.de, laurent@komite.net, jose.calhariz@tagus.ist.utl.pt, bcollins@ubuntu.com, jas@gnutls.org, nmav@gnutls.org
Subject: Re: tagging 343085
Date: Fri, 03 Aug 2007 12:05:57 +0200
* Florian Weimer:

> * Anand Kumria:
>
>>> about a year after we implemented some measures to avoid the entropy
>>> issue, the bug has not been reported again in a long time. This leads
>>> me to the conclusion that the issue does not occur any more.
>>
>> Certainly it occurs for me still.
>
> It has been fixed in version 4.63-4.  Could you show lsof and strace
> output from blocking Exim processes?

Ping.  Are you absolutely sure that you still suffer from this bug?



Message sent on to Dr. Jürgen Pfennig <info@j-pfennig.de>:
Bug#343085. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Jose Calhariz <jose.calhariz@tagus.ist.utl.pt>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #251 received at 343085@bugs.debian.org (full text, mbox):

From: Jose Calhariz <jose.calhariz@tagus.ist.utl.pt>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: Anand Kumria <wildfire@progsoc.org>, Marc Haber <mh+debian-packages@zugschlus.de>, 338319@bugs.debian.org, 338319-submitter@bugs.debian.org, 343085@bugs.debian.org, 343085-submitter@bugs.debian.org, info@j-pfennig.de, sven@svenhartge.de, micha@lenk.info, fgkoehler@openunix.de, laurent@komite.net, jose.calhariz@tagus.ist.utl.pt, bcollins@ubuntu.com, jas@gnutls.org, nmav@gnutls.org
Subject: Re: tagging 343085
Date: Fri, 3 Aug 2007 20:23:55 +0100
[Message part 1 (text/plain, inline)]
On Fri, Aug 03, 2007 at 12:05:57PM +0200, Florian Weimer wrote:
> * Florian Weimer:
> 
> > * Anand Kumria:
> >
> >>> about a year after we implemented some measures to avoid the entropy
> >>> issue, the bug has not been reported again in a long time. This leads
> >>> me to the conclusion that the issue does not occur any more.
> >>
> >> Certainly it occurs for me still.
> >
> > It has been fixed in version 4.63-4.  Could you show lsof and strace
> > output from blocking Exim processes?
> 
> Ping.  Are you absolutely sure that you still suffer from this bug?
> 

Thank for your contact.

With recent kernels on Debian sarge or running Debian etch I didn't
have more problems with lack of entropy in general or exim stopping to
send emails.  So I don't have more problems with exim4.  

I can't confirm if your changes solved my problem or I have solved the
by upgrading of the kernel.

    José Calhariz



-- 
P.S. [En_US] The sig below is from my random sig-generator, which strangely
often seems to pick signatures which are apropriate to the message at
hand!

P.S. [Pt_Pt] A assinatura em baixo é do gerador aleatório de
assinaturas, que estranhamente, escolhe com frequência assinaturas que
parecem apropriadas ao email!
--

A amizade é um amor que nunca morre.

--Mário Quintana
[signature.asc (application/pgp-signature, inline)]

Message sent on to Dr. Jürgen Pfennig <info@j-pfennig.de>:
Bug#343085. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Micha Lenk <micha@lenk.info>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #259 received at 343085@bugs.debian.org (full text, mbox):

From: Micha Lenk <micha@lenk.info>
To: Marc Haber <mh+0636mail@zugschlus.de>, 343085@bugs.debian.org
Subject: Re: tagging 343085
Date: Fri, 10 Aug 2007 01:38:13 +0200
Hi,

Marc Haber wrote:
> On Fri, Jul 13, 2007 at 08:00:57PM +0200, Micha Lenk wrote:
>> Marc Haber schrieb:
>> > about a year after we implemented some measures to avoid the entropy
>> > issue, the bug has not been reported again in a long time. This leads
>> > me to the conclusion that the issue does not occur any more.
>> 
>> The counter measure that I implemented as suggested was to install the
>> package gnutls-bin. Now, as the package gnutls-bin is only a Suggests:
>> dependency (not a Recommends:) - should I check whether the problems
>> occur with having package gnutls-bin removed again?
> 
> If you want to, please do so. I'd like to know how low-entropy systems
> behave now so that I can give better support to users.

Some days ago I upgraded to Debian etch and purged the package
gnutls-bin. Since then and up to now no entropy issues occured at my server.

Thank you for your support.

  Micha



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #264 received at 343085@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: Anand Kumria <wildfire@progsoc.org>
Cc: Florian Weimer <fw@deneb.enyo.de>, 338319@bugs.debian.org, 338319-submitter@bugs.debian.org, Marc Haber <mh+debian-packages@zugschlus.de>, 343085@bugs.debian.org, 343085-submitter@bugs.debian.org, info@j-pfennig.de, sven@svenhartge.de, micha@lenk.info, fgkoehler@openunix.de, laurent@komite.net, jose.calhariz@tagus.ist.utl.pt, bcollins@ubuntu.com, jas@gnutls.org, nmav@gnutls.org
Subject: Re: Bug#338319: tagging 343085
Date: Wed, 31 Oct 2007 21:43:10 +0100
On Fri, Aug 03, 2007 at 12:05:57PM +0200, Florian Weimer wrote:
> * Florian Weimer:
> > * Anand Kumria:
> >>> about a year after we implemented some measures to avoid the entropy
> >>> issue, the bug has not been reported again in a long time. This leads
> >>> me to the conclusion that the issue does not occur any more.
> >>
> >> Certainly it occurs for me still.
> >
> > It has been fixed in version 4.63-4.  Could you show lsof and strace
> > output from blocking Exim processes?
> 
> Ping.  Are you absolutely sure that you still suffer from this bug?

Ping again. Please show lsof and strace output from blocking Exim
processes.

I'll close this bug by the end of November 2007 otherwise.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835




Message sent on to Dr. Jürgen Pfennig <info@j-pfennig.de>:
Bug#343085. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #272 received at 343085@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: Sven Hartge <sven@svenhartge.de>, 343085@bugs.debian.org, 343085-submitter@bugs.debian.org
Cc: Florian Weimer <fw@deneb.enyo.de>, Andreas Metzler <ametzler@downhill.at.eu.org>, Marc Haber <mh+debian-packages@zugschlus.de>
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Wed, 31 Oct 2007 21:57:50 +0100
On Mon, Jan 30, 2006 at 10:16:57PM +0100, Sven Hartge wrote:
> Here is what I did:
> 
> 1) Downgraded exim4, exim4-base, exim4-config and exim4-daemon-heavy to 
>    the version from Sarge (4.50-8).
> 
> 2) Waited for the gnutls-params file to reappear.
> 
> 3) (in another ssh session)
>    while true; do cat /proc/sys/kernel/random/entropy_avail; sleep 0.2; 
>      done
> 
> 4) waited until the entropy pool refilled itself
> 
> 5) used an external server to send an encrypted mail to me:
> 
> 3368
> 3372
> 129
> 140
> 140

I can still reproduce this on current sid and have filed bug #448775
against libgnutls13.

However, this does _not_ block exim, I was able to send ten more
messages while entropy stayed firmly below 150. I suspect that current
gnutls has some safety measure that makes it use lesser quality
entropy after taking all of the good stuff.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835




Message sent on to Dr. Jürgen Pfennig <info@j-pfennig.de>:
Bug#343085. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #280 received at 343085@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: Florian Weimer <fw@deneb.enyo.de>, 343085@bugs.debian.org, 343085-submitter@bugs.debian.org
Cc: Sven Hartge <sven@svenhartge.de>, Marc Haber <mh+debian-packages@zugschlus.de>
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Wed, 31 Oct 2007 22:01:07 +0100
On Mon, Jan 30, 2006 at 11:02:14PM +0100, Florian Weimer wrote:
> The entropy consumption is really a libgcrypt issue

I didn't find anything filed against libgcrypt issue. Would it be a
good idea to clone #448775 to libgcrypt11?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835




Message sent on to Dr. Jürgen Pfennig <info@j-pfennig.de>:
Bug#343085. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Sven Hartge <sven@svenhartge.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #288 received at 343085@bugs.debian.org (full text, mbox):

From: Sven Hartge <sven@svenhartge.de>
To: Marc Haber <mh+debian-packages@zugschlus.de>
Cc: 343085@bugs.debian.org, Florian Weimer <fw@deneb.enyo.de>, Andreas Metzler <ametzler@downhill.at.eu.org>
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Wed, 31 Oct 2007 22:20:25 +0100
Marc Haber wrote:
> On Mon, Jan 30, 2006 at 10:16:57PM +0100, Sven Hartge wrote:
>> Here is what I did:
>>
>> 1) Downgraded exim4, exim4-base, exim4-config and exim4-daemon-heavy to 
>>    the version from Sarge (4.50-8).
>>
>> 2) Waited for the gnutls-params file to reappear.
>>
>> 3) (in another ssh session)
>>    while true; do cat /proc/sys/kernel/random/entropy_avail; sleep 0.2; 
>>      done
>>
>> 4) waited until the entropy pool refilled itself
>>
>> 5) used an external server to send an encrypted mail to me:
>>
>> 3368
>> 3372
>> 129
>> 140
>> 140
> 
> I can still reproduce this on current sid and have filed bug #448775
> against libgnutls13.
> 
> However, this does _not_ block exim, I was able to send ten more
> messages while entropy stayed firmly below 150. I suspect that current
> gnutls has some safety measure that makes it use lesser quality
> entropy after taking all of the good stuff.

Right. Right now am not able to make exim4 block after entropy
exhaustion. (But for other reasons [extremely poor handling of
/etc/ssl/certs by gnutls, especially if there are many certificates
located in there.] I switched to recompiled exim4s with OpenSSL support
for all my machines.)

As far as my fuzzy memory recalls there has been a fixup to exim4 to not
use a special cipher/encryption method/foobar which caused it to use
/dev/random instead of /dev/urandom.

And if I really remember correctly, it was Florian who analyzed the code
back then and proposed this fix.

S°

-- 
Sven Hartge -- professioneller Unix-Geek
Meine Gedanken im Netz: http://www.svenhartge.de/




Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #293 received at 343085@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: Sven Hartge <sven@svenhartge.de>
Cc: 343085@bugs.debian.org, Florian Weimer <fw@deneb.enyo.de>, Andreas Metzler <ametzler@downhill.at.eu.org>
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Wed, 31 Oct 2007 22:24:55 +0100
On Wed, Oct 31, 2007 at 10:20:25PM +0100, Sven Hartge wrote:
> As far as my fuzzy memory recalls there has been a fixup to exim4 to not
> use a special cipher/encryption method/foobar which caused it to use
> /dev/random instead of /dev/urandom.

That was RSAEXPORT which was removed and helped fixing the blocking
issues when regenerating the dh-params file.

IIRC.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190




Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #298 received at 343085@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: Marc Haber <mh+debian-packages@zugschlus.de>
Cc: Sven Hartge <sven@svenhartge.de>, 343085@bugs.debian.org, 343085-submitter@bugs.debian.org, Andreas Metzler <ametzler@downhill.at.eu.org>
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Wed, 31 Oct 2007 22:27:07 +0100
* Marc Haber:

> However, this does _not_ block exim, I was able to send ten more
> messages while entropy stayed firmly below 150.

Yes, this is a consequence of the RSA_EXPORT change.




Message sent on to Dr. Jürgen Pfennig <info@j-pfennig.de>:
Bug#343085. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #306 received at 343085@bugs.debian.org (full text, mbox):

From: Florian Weimer <fw@deneb.enyo.de>
To: Marc Haber <mh+debian-packages@zugschlus.de>
Cc: 343085@bugs.debian.org, 343085-submitter@bugs.debian.org, Sven Hartge <sven@svenhartge.de>
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Thu, 01 Nov 2007 00:56:21 +0100
* Marc Haber:

> I didn't find anything filed against libgcrypt issue. Would it be a
> good idea to clone #448775 to libgcrypt11?

A wishlist bug for some random number generator involving a SHA-1'ed
counter or something similar might be useful (Sun's JCE is an example of
this design).  No need to clone this bug and its history, though.




Message sent on to Dr. Jürgen Pfennig <info@j-pfennig.de>:
Bug#343085. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #314 received at 343085@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: Marc Haber <mh+debian-packages@zugschlus.de>, 343085@bugs.debian.org, 343085-submitter@bugs.debian.org, Sven Hartge <sven@svenhartge.de>
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Thu, 1 Nov 2007 10:44:05 +0100
On Thu, Nov 01, 2007 at 12:56:21AM +0100, Florian Weimer wrote:
> A wishlist bug for some random number generator involving a SHA-1'ed
> counter or something similar might be useful (Sun's JCE is an example of
> this design).  No need to clone this bug and its history, though.

#448825

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190




Message sent on to Dr. Jürgen Pfennig <info@j-pfennig.de>:
Bug#343085. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Andreas Metzler <ametzler@downhill.at.eu.org>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #322 received at 343085@bugs.debian.org (full text, mbox):

From: Andreas Metzler <ametzler@downhill.at.eu.org>
To: 343085@bugs.debian.org
Cc: Sven Hartge <sven@svenhartge.de>, 343085-submitter@bugs.debian.org, Florian Weimer <fw@deneb.enyo.de>
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Thu, 1 Nov 2007 10:46:38 +0100
On 2007-10-31 Marc Haber <mh+debian-packages@zugschlus.de> wrote:
[...]
> However, this does _not_ block exim, I was able to send ten more
> messages while entropy stayed firmly below 150. I suspect that current
> gnutls has some safety measure that makes it use lesser quality
> entropy after taking all of the good stuff.

Iirc gcrypt simply reads from /dev/urandom in this cae. This depletes
entropy the same way reading from /dev/random does.
cu andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'




Message sent on to Dr. Jürgen Pfennig <info@j-pfennig.de>:
Bug#343085. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #330 received at 343085@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: Andreas Metzler <ametzler@downhill.at.eu.org>, 343085@bugs.debian.org
Cc: Sven Hartge <sven@svenhartge.de>, 343085-submitter@bugs.debian.org, Florian Weimer <fw@deneb.enyo.de>
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Thu, 1 Nov 2007 14:50:24 +0100
On Thu, Nov 01, 2007 at 10:46:38AM +0100, Andreas Metzler wrote:
> On 2007-10-31 Marc Haber <mh+debian-packages@zugschlus.de> wrote:
> > However, this does _not_ block exim, I was able to send ten more
> > messages while entropy stayed firmly below 150. I suspect that current
> > gnutls has some safety measure that makes it use lesser quality
> > entropy after taking all of the good stuff.
> 
> Iirc gcrypt simply reads from /dev/urandom in this cae. This depletes
> entropy the same way reading from /dev/random does.

so, urandom first depletes the "real" entropy and then continues on a
PRNG after using all real stuff?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190




Message sent on to Dr. Jürgen Pfennig <info@j-pfennig.de>:
Bug#343085. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Andreas Metzler <ametzler@downhill.at.eu.org>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #338 received at 343085@bugs.debian.org (full text, mbox):

From: Andreas Metzler <ametzler@downhill.at.eu.org>
To: 343085@bugs.debian.org
Cc: Sven Hartge <sven@svenhartge.de>, 343085-submitter@bugs.debian.org, Florian Weimer <fw@deneb.enyo.de>
Subject: Re: Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Date: Thu, 1 Nov 2007 17:42:20 +0100
On 2007-11-01 Marc Haber <mh+debian-packages@zugschlus.de> wrote:
> On Thu, Nov 01, 2007 at 10:46:38AM +0100, Andreas Metzler wrote:
[...]
> > Iirc gcrypt simply reads from /dev/urandom in this cae. This depletes
> > entropy the same way reading from /dev/random does.

> so, urandom first depletes the "real" entropy and then continues on a
> PRNG after using all real stuff?

I think so, yes:

ametzler@argenau:~$ cat /proc/sys/kernel/random/entropy_avail ; \
   time dd if=/dev/urandom bs=1M of=/dev/null count=5 ; \
   cat /proc/sys/kernel/random/entropy_avail
3256
5+0 Datensätze ein
5+0 Datensätze aus
5242880 Bytes (5,2 MB) kopiert, 0,916788 Sekunden, 5,7 MB/s

real   0m0.918s
user   0m0.000s
sys 0m0.920s
188

There might be some small amount reserved for /dev/random, I cannot
completely deplete /proc/sys/kernel/random/entropy_avail by
cat /dev/urandom > /dev/null
it does not get below something like 130.

cu andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'




Message sent on to Dr. Jürgen Pfennig <info@j-pfennig.de>:
Bug#343085. Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 02 Jan 2008 07:27:04 GMT) Full text and rfc822 format available.

Bug unarchived. Request was from Florian Weimer <fw@deneb.enyo.de> to control@bugs.debian.org. (Fri, 04 Jan 2008 13:22:33 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Werner Koch <wk@gnupg.org>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #350 received at 343085@bugs.debian.org (full text, mbox):

From: Werner Koch <wk@gnupg.org>
To: Simon Josefsson <simon@josefsson.org>
Cc: Florian Weimer <fweimer@bfk.de>, gcrypt-devel@gnupg.org, gnutls-devel@gnu.org, 343085@bugs.debian.org
Subject: Re: Bug#448775: Uses too much entropy (Debian Bug #343085)
Date: Fri, 04 Jan 2008 14:45:00 +0100
On Fri,  4 Jan 2008 13:41, simon@josefsson.org said:

> We could consider doing something like that in gnutls too, to help
> applications avoid having to do it themselves.  However, the
> documentation on UPDATE_SEED seems somewhat discouraging.  I'm not sure

Let's say this description is very conservative and mostly written for
security evaluations.  The "up to 16 bytes of weak random " is not even
correct for Linux because there we will always read 16 bytes from
/dev/urandom and thus the whole theoretical attack won't work.  I'll
revise the description a bit.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.





Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Guus Sliepen <guus@debian.org>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #355 received at 343085@bugs.debian.org (full text, mbox):

From: Guus Sliepen <guus@debian.org>
To: gnutls-devel@gnu.org
Cc: 343085@bugs.debian.org
Subject: Re: Bug#448775: Uses too much entropy (Debian Bug #343085)
Date: Sat, 5 Jan 2008 14:17:25 +0100
[Message part 1 (text/plain, inline)]
On Fri, Jan 04, 2008 at 10:48:48AM +0100, Andreas Metzler wrote:

> When acting as a server gnutls pulls that much data from /dev/urandom
> that entropy available for /dev/random is down to its minimum
> safeguard. ((it is not possible to completely deplete /dev/random by
> reading from /dev/urandom in current kernels)
> 
> ametzler@argenau:~$ cat /proc/sys/kernel/random/entropy_avail && gnutls-serv --x
> 509keyfile /tmp/CERT/exim.key --x509certfile /tmp/CERT/exim.crt & sleep 1 &&  ca
> t /proc/sys/kernel/random/entropy_avail
> [1] 5356
> 3591
> Echo Server ready. Listening to port '5556'.
> 139
> 
> 
> ametzler@argenau:~$ cat /proc/sys/kernel/random/entropy_avail && openssl s_serve
> r -cert /tmp/CERT/exim.crt -key /tmp/CERT/exim.key -accept 5556 & sleep 1 &&  cat /proc/sys/kernel/random/entropy_avail
> [1] 7139
> 3596
> [...]
> 3361

Just FYI: I used strace on openssl s_server -nocert and gnutls-serv, and
I noticed the following:

"openssl s_server" reads 32 bytes from /dev/urandom

"gnutls-serv" reads 3000 times 120 bytes from /dev/urandom, yes, 360 kilobytes!

It is no wonder that when strong random data is required later on, the
entropy pool is completely empty with gnutls-serv. For example, if I
just start "gnutls-serv -g", it will always block while trying to read
300 bytes from an empty /dev/random in order to generate temporary RSA
parameters.

I also noticed that on my machine, /proc/sys/kernel/random/entropy_avail
never exceeds 3600, so by reading 300 bytes, you're using 2/3 of a full
pool.

-- 
Met vriendelijke groet / with kind regards,
      Guus Sliepen <guus@debian.org>
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Werner Koch <wk@gnupg.org>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #360 received at 343085@bugs.debian.org (full text, mbox):

From: Werner Koch <wk@gnupg.org>
To: Guus Sliepen <guus@debian.org>
Cc: gnutls-devel@gnu.org, 343085@bugs.debian.org
Subject: Re: Bug#448775: Uses too much entropy (Debian Bug #343085)
Date: Tue, 08 Jan 2008 10:53:50 +0100
On Sat,  5 Jan 2008 14:17, guus@debian.org said:

> "gnutls-serv" reads 3000 times 120 bytes from /dev/urandom, yes, 360 kilobytes!

Run

  gcry_control (GCRYCTL_DUMP_RANDOM_STATS);

to get statistics about libgcrypt's RNG.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.





Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Simon Josefsson <simon@josefsson.org>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #365 received at 343085@bugs.debian.org (full text, mbox):

From: Simon Josefsson <simon@josefsson.org>
To: Werner Koch <wk@gnupg.org>
Cc: Guus Sliepen <guus@debian.org>, gnutls-devel@gnu.org, 343085@bugs.debian.org
Subject: Re: Bug#448775: Uses too much entropy (Debian Bug #343085)
Date: Tue, 08 Jan 2008 11:03:21 +0100
Werner Koch <wk@gnupg.org> writes:

> On Sat,  5 Jan 2008 14:17, guus@debian.org said:
>
>> "gnutls-serv" reads 3000 times 120 bytes from /dev/urandom, yes, 360 kilobytes!
>
> Run
>
>   gcry_control (GCRYCTL_DUMP_RANDOM_STATS);
>
> to get statistics about libgcrypt's RNG.

How should I interpret the following output?

random usage: poolsize=600 mixed=621 polls=3000/117 added=3588/370308
              outmix=3 getlvl1=3/136 getlvl2=0/0

This is from a typical usage of gnutls-cli against a SMTP server
negotiating STARTTLS and then shutting down the connection.

/Simon




Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Werner Koch <wk@gnupg.org>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #370 received at 343085@bugs.debian.org (full text, mbox):

From: Werner Koch <wk@gnupg.org>
To: Simon Josefsson <simon@josefsson.org>
Cc: Guus Sliepen <guus@debian.org>, gnutls-devel@gnu.org, 343085@bugs.debian.org
Subject: Re: Bug#448775: Uses too much entropy (Debian Bug #343085)
Date: Tue, 08 Jan 2008 11:59:29 +0100
On Tue,  8 Jan 2008 11:03, simon@josefsson.org said:

> random usage: poolsize=600 mixed=621 polls=3000/117 added=3588/370308
>               outmix=3 getlvl1=3/136 getlvl2=0/0

- The random pool has been mixed 621 times.

- The slow random poll function has been called 3000 times to fill and
  update the random poll.  Under Linux each call reads 120 bytes from
  /dev/urandom.

- The fast random poll function has been called 117 times.  Under Linux
  this adds just a few bytes from timer ticks and resource statistics.

- There have been 3588 calls to the function adding random to the pool
  with a total of 370308 bytes added.

- The intermediate pool to extrac random has been moxed 3 times.

- The RNG has been asked 3 times to return a total of 136 bytes of
  random. 

Lets try with gpg using libgcrypt 1.4.1-svn1277:

  $ gpg2 --gen-random -a --debug 128 1 136
  random usage: poolsize=600 mixed=4 polls=0/2 added=17/812
                outmix=3 getlvl1=2/136 getlvl2=0/0

  $ rm ~/.gnupg/random_seed
  $ gpg2 --gen-random -a --debug 128 1 136
  random usage: poolsize=600 mixed=603 polls=3000/2 added=3012/360184
                outmix=3 getlvl1=2/136 getlvl2=0/0

This clearly shows that the missing random_seed is the culprit.  (The
117 fast polls in gnutls-cli are due to the use of other crypto
functions which issue calls to the fast polls.)

Anyway there 3000 calls to /dev/urandom are far too many for an initial
pool filling.  I need to check this.


Salam-Shalom,

   Werner


-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.





Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Werner Koch <wk@gnupg.org>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #375 received at 343085@bugs.debian.org (full text, mbox):

From: Werner Koch <wk@gnupg.org>
To: Simon Josefsson <simon@josefsson.org>
Cc: Guus Sliepen <guus@debian.org>, gnutls-devel@gnu.org, 343085@bugs.debian.org
Subject: [patch] Re: Bug#448775: Uses too much entropy (Debian Bug #343085)
Date: Tue, 08 Jan 2008 12:39:02 +0100
On Tue,  8 Jan 2008 11:59, wk@gnupg.org said:

> Anyway there 3000 calls to /dev/urandom are far too many for an initial
> pool filling.  I need to check this.

Found it.  The bug was introduced with libgcrypt 1.3.1.  Here is a patch:

2008-01-08  Werner Koch  <wk@g10code.com>

	* random.c (add_randomness): Do not just increment
	POOL_FILLED_COUNTER but update it by the actual amount of data.

Index: cipher/random.c
===================================================================
--- cipher/random.c	(revision 1277)
+++ cipher/random.c	(working copy)
@@ -1115,6 +1115,7 @@
 add_randomness (const void *buffer, size_t length, enum random_origins origin)
 {
   const unsigned char *p = buffer;
+  size_t count = 0;
 
   assert (pool_is_locked);
 
@@ -1123,6 +1124,7 @@
   while (length-- )
     {
       rndpool[pool_writepos++] ^= *p++;
+      count++;
       if (pool_writepos >= POOLSIZE )
         {
           /* It is possible that we are invoked before the pool is
@@ -1132,7 +1134,9 @@
              separately.  See also the remarks about the seed file. */
           if (origin >= RANDOM_ORIGIN_SLOWPOLL && !pool_filled)
             {
-              if (++pool_filled_counter >= POOLSIZE)
+              pool_filled_counter += count;
+              count = 0;
+              if (pool_filled_counter >= POOLSIZE)
                 pool_filled = 1;
             }
           pool_writepos = 0;


Also commited to SVN.  Old and new stats:

$ LD_PRELOAD=/usr/local/lib/libgcrypt.so ./benchmark --verbose random
random       130ms    30ms
random usage: poolsize=600 mixed=972 polls=3000/200 added=4200/378400
              outmix=200 getlvl1=200/13600 getlvl2=0/0

$ ./benchmark --verbose random
random        40ms    30ms
random usage: poolsize=600 mixed=377 polls=25/200 added=1225/21400
              outmix=200 getlvl1=200/13600 getlvl2=0/0



Shalom-Salam,

   Werner



-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.





Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Simon Josefsson <simon@josefsson.org>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #380 received at 343085@bugs.debian.org (full text, mbox):

From: Simon Josefsson <simon@josefsson.org>
To: Guus Sliepen <guus@debian.org>
Cc: gnutls-devel@gnu.org, 343085@bugs.debian.org, gcrypt-devel@gnupg.org
Subject: Re: [patch] Re: Bug#448775: Uses too much entropy (Debian Bug #343085)
Date: Tue, 08 Jan 2008 17:16:02 +0100
Werner Koch <wk@gnupg.org> writes:

> On Tue,  8 Jan 2008 11:59, wk@gnupg.org said:
>
>> Anyway there 3000 calls to /dev/urandom are far too many for an initial
>> pool filling.  I need to check this.
>
> Found it.  The bug was introduced with libgcrypt 1.3.1.  Here is a patch:

Thanks.  Running gnutls-cli using libgcrypt SVN leads to:

random usage: poolsize=600 mixed=25 polls=25/113 added=593/12956
              outmix=3 getlvl1=3/136 getlvl2=0/0

Compared to the old situation:

random usage: poolsize=600 mixed=621 polls=3000/117 added=3588/370308
              outmix=3 getlvl1=3/136 getlvl2=0/0

So we have reduced /dev/urandom consumption from 3000*120=360kb to
25*120=3kb, right?  Strace also confirms the latter amount.  That's
good.

Still, 3kb per TLS connection is excessive, so I still recommend exim to
set a libgcrypt seeds file to solve the problem.

Thanks,
/Simon




Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Werner Koch <wk@gnupg.org>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #385 received at 343085@bugs.debian.org (full text, mbox):

From: Werner Koch <wk@gnupg.org>
To: Simon Josefsson <simon@josefsson.org>
Cc: Guus Sliepen <guus@debian.org>, gcrypt-devel@gnupg.org, gnutls-devel@gnu.org, 343085@bugs.debian.org
Subject: Re: [patch] Re: Bug#448775: Uses too much entropy (Debian Bug #343085)
Date: Tue, 08 Jan 2008 19:13:52 +0100
On Tue,  8 Jan 2008 17:16, simon@josefsson.org said:

> Still, 3kb per TLS connection is excessive, so I still recommend exim to
> set a libgcrypt seeds file to solve the problem.

Yes, definitely.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.





Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Andreas Metzler <ametzler@downhill.at.eu.org>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #390 received at 343085@bugs.debian.org (full text, mbox):

From: Andreas Metzler <ametzler@downhill.at.eu.org>
To: gnutls-devel@gnu.org
Cc: gcrypt-devel@gnupg.org, 343085@bugs.debian.org
Subject: Re: [patch] Uses too much entropy (Debian Bug #343085)
Date: Sun, 20 Jan 2008 18:10:51 +0100
On 2008-01-08 Werner Koch <wk@gnupg.org> wrote:
> On Tue,  8 Jan 2008 17:16, simon@josefsson.org said:

> > Still, 3kb per TLS connection is excessive, so I still recommend exim to
> > set a libgcrypt seeds file to solve the problem.

> Yes, definitely.

I gues it is not a god idea to share this seed file between multiple
hosts accessing a central mailq queue. Is this this assumption correct?
cu andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'




Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#343085; Package exim4. Full text and rfc822 format available.

Acknowledgement sent to Werner Koch <wk@gnupg.org>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #395 received at 343085@bugs.debian.org (full text, mbox):

From: Werner Koch <wk@gnupg.org>
To: gnutls-devel@gnu.org
Cc: gcrypt-devel@gnupg.org, 343085@bugs.debian.org
Subject: Re: [patch] Uses too much entropy (Debian Bug #343085)
Date: Mon, 21 Jan 2008 13:07:01 +0100
On Sun, 20 Jan 2008 18:10, ametzler@downhill.at.eu.org said:

> I gues it is not a god idea to share this seed file between multiple
> hosts accessing a central mailq queue. Is this this assumption correct?

Yes.  You better avoid that if possible.



Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 19 Feb 2008 07:29:02 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Apr 21 07:50:37 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.