Debian Bug report logs - #88728
openssl: usage of /dev/random should be possible

Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>; Source for openssl is src:openssl.

Reported by: Robert Bihlmeyer <robbe@orcus.priv.at>

Date: Tue, 6 Mar 2001 11:08:52 UTC

Severity: normal

Found in version 0.9.6-1


Report forwarded to debian-bugs-dist@lists.debian.org, Christoph Martin <christoph.martin@uni-mainz.de>:
Bug#88728; Package openssl.

Acknowledgement sent to Robert Bihlmeyer <robbe@orcus.priv.at>:
New Bug report received and forwarded. Copy sent to Christoph Martin <christoph.martin@uni-mainz.de>.

Message #5 received at submit@bugs.debian.org:

From: Robert Bihlmeyer <robbe@orcus.priv.at>
To: submit@bugs.debian.org
Subject: openssl: usage of /dev/random should be possible
Date: Tue, 6 Mar 2001 12:06:26 +0100 (CET)
Package: openssl
Version: 0.9.6-1
Severity: normal

For libssl, /dev/urandom is probably the right default, as it can be
used in circumstances with a time-security-tradeoff (e.g. webserver).

OTOH, "openssl" has no time constraints, and needs maximum security -
think: creation of a new CA key. Usage of /dev/random should be an
option or even the default for Linux[1]. Unfortunately, it's not
possible to just set RANDFILE to "/dev/random" (via environment or
config file), because openssl then wants to read the *whole* file ...
a Sisyphus task.


[1] hurd-i386 does not provide /dev/*random, yet.

-- System Information
Debian Release: testing/unstable
Kernel Version: Linux hoss 2.4.1ea-hoss #1 Mon Feb 19 11:53:50 CET 2001 i686 unknown

Versions of the packages openssl depends on:
ii  libc6          2.2.2-1        GNU C Library: Shared libraries and Timezone
ii  libssl096      0.9.6-1        SSL shared libraries
ii  perl           5.6.0-20       Larry Wall's Practical Extracting and Report
	^^^ (Provides virtual package perl5)



Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#88728; Package openssl.

Acknowledgement sent to Jason Cormie <jason@wormwood666.demon.co.uk>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>.

Message #10 received at 88728@bugs.debian.org:

From: Jason Cormie <jason@wormwood666.demon.co.uk>
To: Debian Bug Tracking System <88728@bugs.debian.org>
Subject: openssl: fixed ages ago in 0.9.7
Date: Wed, 12 Mar 2008 21:04:54 +0000
Package: openssl
Followup-For: Bug #88728


In the openssl changelog it says that 0.9.7 had the ability to try
/dev/random if it didn't find /dev/urandom

http://www.openssl.org/news/changelog.html

 *) Change the Unix RAND_poll() variant to be able to poll several
    random devices, as specified by DEVRANDOM, until a sufficient
    amount of data has been collected.   We spend at most 10 ms on each
    file (select timeout) and read in non-blocking mode.
    DEVRANDOM now defaults to the list "/dev/urandom", "/dev/random",
    "/dev/srandom" (previously it was just the string "/dev/urandom"), so on typical
    platforms the 10 ms delay will never occur.

I assume this means the bug can be closed.



-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.24-1-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssl depends on:
ii  libc6                  2.7-6             GNU C Library: Shared libraries
ii  libssl0.9.8            0.9.8g-4          SSL shared libraries
ii  zlib1g                 1:1.2.3.3.dfsg-11 compression library - runtime

openssl recommends no packages.

-- debconf-show failed






Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#88728; Package openssl.

Acknowledgement sent to Kurt Roeckx <kurt@roeckx.be>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>.

Message #15 received at 88728@bugs.debian.org:

From: Kurt Roeckx <kurt@roeckx.be>
To: Jason Cormie <jason@wormwood666.demon.co.uk>, 88728@bugs.debian.org, "Package Development List for OpenSSL packages." <pkg-openssl-devel@lists.alioth.debian.org>
Subject: Re: [Pkg-openssl-devel] Bug#88728: openssl: fixed ages ago in 0.9.7
Date: Sat, 15 Mar 2008 17:58:24 +0100

On Wed, Mar 12, 2008 at 09:04:54PM +0000, Jason Cormie wrote:
> Package: openssl
> Followup-For: Bug #88728
> 
> 
> in the openssl changelog it says that 0.9.7 had the ability to try
> /dev/random if it didn't find /dev/urandom
> 
> http://www.openssl.org/news/changelog.html
> 
>  *) Change the Unix RAND_poll() variant to be able to poll several
>     random devices, as specified by DEVRANDOM, until a sufficient
>     amount of data has been collected.   We spend at most 10 ms on each
>     file (select timeout) and read in non-blocking mode.
>     DEVRANDOM now defaults to the list "/dev/urandom", "/dev/random",
>     "/dev/srandom" (previously it was just the string "/dev/urandom"), so on typical
>     platforms the 10 ms delay will never occur.
> 
> I assume this means the bug can be closed

I don't agree.  DEVRANDOM is a compile time option.  This is something
you'd want to override in the application or maybe some environment
variable.


Kurt





Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#88728; Package openssl. (Tue, 03 May 2011 00:39:03 GMT)

Acknowledgement sent to Scott Schaefer <saschaefer@neurodiverse.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. (Tue, 03 May 2011 00:39:03 GMT)

Message #20 received at 88728@bugs.debian.org:

From: Scott Schaefer <saschaefer@neurodiverse.org>
To: 88728@bugs.debian.org
Subject: Likely Won't Fix -- Workaround
Date: Mon, 02 May 2011 20:32:43 -0400

>>  This is something you'd want to override in the application or maybe some environment variable.

Agreed.  However, I believe there is a solid argument that the current implementation satisfies that ...

First, let me say that what I present here may be ... um ... inaccurate; i.e. 'dead wrong'.  It is based on a relatively quick reading of the applicable code, and some basic testing.

The use of the devices in the DEVRANDOM list, as well as the 'well known EGD sockets' (which are tried if DEVRANDOM is empty, or none of the DEVRANDOM device(s) exists AND returns enough data within the specified time period), is for the SOLE PURPOSE of seeding the internal PRNG.  That is, they are used for the purpose of 'sufficient initial entropy'.

As of 0.9.6, most/all of the openssl subcomponents automatically attempt to use a disk-based file as the PRNG seed IN PREFERENCE to the DEVRANDOM list or the EGD sockets.

The file(s) to be used are based on settings in the configuration file.  The defaults are:
HOME      = .
RANDFILE  = $ENV::HOME/.rnd

This effectively causes the search for files to proceed as:

a) Env var RANDFILE is set, then use it,
b) Env var HOME is set, then $HOME/.rnd
c) ./.rnd

With the above in mind, if you want to use /dev/random, you simply:

dd if=/dev/random bs=1 count=1024 of="$HOME/.rnd"          # count= as many bytes as you desire

Or alternatively:
dd if=/dev/random bs=1 count=1024 of=filename
export RANDFILE=filename

It is important to note that, when the initial entropy is read from a 
file, openssl will write back to that file exactly 1024 bytes.  This 
will then be used as the initial entropy on a subsequent openssl 
command.  Thus, if you want to use > 1024 bytes, you will need to 
re-execute dd if=/dev/random ... again.
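
The workaround from the message above, wrapped as a script. This is an added example, not code from the bug log or from OpenSSL; the function names randfile_path and seed_randfile are hypothetical, and the lookup order is the one the message describes.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not part of OpenSSL.

# Print the seed file path using the lookup order given in the message:
# $RANDFILE if set, else $HOME/.rnd if HOME is set, else ./.rnd.
randfile_path() {
    if [ -n "${RANDFILE:-}" ]; then
        printf '%s\n' "$RANDFILE"
    elif [ -n "${HOME:-}" ]; then
        printf '%s\n' "$HOME/.rnd"
    else
        printf '%s\n' "./.rnd"
    fi
}

# seed_randfile SOURCE DEST NBYTES
# Copy exactly NBYTES from SOURCE to DEST. DEST is replaced only if the
# full amount was read, and is readable by its owner only.
seed_randfile() {
    sr_src=$1; sr_dest=$2; sr_n=$3
    [ -r "$sr_src" ] || { echo "cannot read $sr_src" >&2; return 1; }
    # mktemp creates the file with mode 0600, so the seed is never
    # world-readable, even briefly.
    sr_tmp=$(mktemp "$sr_dest.XXXXXX") || return 1
    # bs=1 as in the message: each read is one byte, so a short read from
    # a blocking device cannot shrink the total.
    if ! dd if="$sr_src" of="$sr_tmp" bs=1 count="$sr_n" 2>/dev/null; then
        rm -f "$sr_tmp"; return 1
    fi
    sr_got=$(wc -c < "$sr_tmp" | tr -d ' ')
    if [ "$sr_got" -ne "$sr_n" ]; then
        echo "got $sr_got of $sr_n bytes from $sr_src" >&2
        rm -f "$sr_tmp"; return 1
    fi
    chmod 600 "$sr_tmp" && mv -f "$sr_tmp" "$sr_dest"
}

# Typical use (blocks until /dev/random has delivered 1024 bytes):
#   seed_randfile /dev/random "$(randfile_path)" 1024
```

The seed file is key-generation input, so it is written to a temporary file first and only moved into place once the full byte count has arrived.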






Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 23 17:30:28 2014; Machine Name: buxtehude.debian.org
