[krbdev.mit.edu #1975] Strong entropy read fails on OpenBSD

The RT System itself via RT rt-comment at krbdev.mit.edu
Mon Oct 27 23:07:35 EST 2003


Date: Mon, 27 Oct 2003 23:07:25 -0500 (EST)
Message-Id: <200310280407.h9S47PuA019982 at xil.arc.rpi.edu>
To: krb5-bugs at mit.edu
Subject: Kerberos / OpenBSD PRNG issue
From: kempf at rpi.edu
Reply-To: kempf at rpi.edu
Cc: 
X-send-pr-version: 3.99


>Submitter-Id:	net
>Originator:	Jesse Kempf	
>Organization:
	Rensselaer Polytechnic Institute
>Confidential:	no
>Synopsis:	Strong entropy read fails on OpenBSD
>Severity:	serious
>Priority:	medium
>Category:	krb5-libs
>Class:	sw-bug
>Release:	krb5-1.3.1
>Environment:
	Pentium III 500 MHz running OpenBSD 3.4-Current (Oct 20)
	System: OpenBSD xil.arc.rpi.edu 3.4 GENERIC#0 i386


>Description:
	lib/crypto/prng.c line 197 uses /dev/random from which to acquire strong random data. OpenBSD reserves /dev/random for a hardware random number generator. This causes a failure whenever Kerberos attempts to acquire strong data on an OpenBSD system that does not have a hardware randomness generator. /dev/srandom functions in the same fashion as /dev/random on other BSDs.
>How-To-Repeat:
	Run "kdb5_util create". This fails and causes CPU usage by kdb5_util to approach 100%.
>Fix:
	Add a configure-time test to detect OpenBSD. If using OpenBSD, change:
	if (read_entropy_from_device (context, "/dev/random"))
	to:
	if (read_entropy_from_device (context, "/dev/srandom"))
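
A runtime alternative to the configure-time test proposed above, as an added example that is not part of the original report and is not MIT krb5 code: try a list of candidate devices in order and treat every failure as final, so a missing generator yields a clean error. The function names and the candidate list are assumptions made for illustration.

```c
/* Added example; not MIT krb5 code. All names here are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Read exactly len bytes from a character device.
 * Returns 0 on success, -1 on any failure. Failure is always terminal:
 * open errors, non-device paths, read errors and 0-byte reads all end
 * the loop instead of being retried. */
static int read_device(const char *path, unsigned char *buf, size_t len)
{
    struct stat st;
    size_t got = 0;
    int fd = open(path, O_RDONLY);

    if (fd < 0)
        return -1;                  /* device node absent or not configured */
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) {
        close(fd);                  /* refuse regular files, FIFOs, etc. */
        return -1;
    }
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0 && errno == EINTR)
            continue;               /* interrupted: the only retry case */
        if (n <= 0)
            break;                  /* error or EOF: give up on this device */
        got += (size_t)n;
    }
    close(fd);
    return got == len ? 0 : -1;
}

/* Try each candidate in order, e.g. { "/dev/srandom", "/dev/random" }
 * (assumed list). Returns the index of the device that supplied the
 * bytes, or -1 if none did, so the caller can report a hard failure. */
int read_strong_entropy(const char *const *devs, size_t ndevs,
                        unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < ndevs; i++)
        if (read_device(devs[i], buf, len) == 0)
            return (int)i;
    return -1;
}
```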


