On Fri, May 25, 2001 at 09:50:09AM -0400, David Edward Shapiro wrote:
> I am fairly familiar now with how to configure using either egd or prngd
> because I have been trying to get this to work for weeks now.  It was last
> configured with prngd and I tested prngd with egc.pl /var/run/egd-pool read
> 255 and that worked fine.  I ran truss, which watches library calls and
> other things (ports accessed, permissions on open files, etc.) and saw it
> get to the point where it just cycles through the getpid() and time()
> forever.  If I kill -1 ssh-keygen (yes, ssh-keygen) it skips past the dsa
> key generation and completes the rsa key generation fine.  I would need to
> know from the code or somebody familiar with the code why it might be
> cycling through these two function calls forever.

It is hard to say from here, what is going on. getpid() and time() are used
inside RAND_poll() (openssl/crypto/rand/rand_win.c; don't care about the file
name, it also includes code for the Unix-platforms). RAND_poll() is only
called once:
        if (!initialized)
                {
                RAND_poll();
                initialized = 1;
                }
If it would be an error within OpenSSL (in which case it would be caused
by a compiler bug, as the sequence above will hardly fail), it would be
in the OpenSSL PRNG and therefore would be triggered every time random
numbers are requested, so it would also fail in the RSA case.
I therefore rule out OpenSSL.

Consequently the problem should be located in OpenSSH. I did a grep for
getpid() in the OpenSSH-2.9p1 source and the most probable place seems
to be entropy.c:stir_from_system(). You should however see more calls
like getuid(), getgid()... Also, stir_from_system() is called once from
seed_rng() which is called once from ssh-keygen.c:main(). I don't see
a loop that would cause the symptoms described.

I am running ssh-keygen successfully on Linux... I just try to run it on 
HP-UX: it is hanging. (All dsa keys for HP-UX have been generated a long
time ago, so I didn't use -t dsa lately.) It doesn't show symptoms like
yours... Ah, there it is, after 3-4 minutes.
[Recompiling with -g... It is working in DSA_generate_parameters... and
succeeding at some point in time..]
Therefore I cannot reproduce your symptoms and I don't see another option
than to recompile with -g and run it under a debugger to see where it
is looping.

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
