Subject: | HP-UX: SSLEAY_RAND_BYTES:PRNG not seeded |
There's no /dev/urandom device on HP-UX
(neither /dev/random nor /dev/srandom),
and SMIME dies with the following error:
Crypt::SMIME#sign: failed to sign the message: error:24064064:random
number generator:SSLEAY_RAND_BYTES:PRNG not seeded at
/home/xrgtn/work/smimemail/var/tmp/Crypt-SMIME-0.08/blib/lib/Crypt/SMIME.pm
line 108.
There's a feature in openssl called something
like "transparent RAND seeding". I think it
tries to load /dev/urandom on the first use of
any subroutine that requires random data.
Because there's no /dev/urandom on HP-UX,
Crypt::SMIME needs to seed RAND explicitly
there (see
http://www.openssl.org/support/faq.html#USER1).
I don't know whether openssl's transparent
seeder tries the sequence of /dev/urandom,
/dev/random, /dev/srandom or only
/dev/urandom. :( I re-used code from
Crypt::SSLeay, which assumes the latter
(diff for Crypt::SMIME is attached).
Also, you may want additional randomness
by seeding pid/ppid/uid/timeofday (see the
bottom of openssl's RAND_poll subroutine for
an example).
P.S.
WRT trying /dev/srandom and /dev/random
_before_ falling back to seeding off stack
garbage -- if I happen to find The Code Of
Transparent Seeder in openssl, I'll do this
in my patch too. ATM I didn't find it.
P.P.S.
xrgtn@pluton:~/work/smimemail$ uname -a
HP-UX pluton B.11.11 U 9000/800 2727209332 unlimited-user license
xrgtn@pluton:~/work/smimemail$ perl -v
This is perl, v5.8.8 built for PA-RISC1.1-thread-multi
(with 26 registered patches, see perl -V for more detail)
Copyright 1987-2006, Larry Wall
Binary build 817 [257965] provided by ActiveState http://www.ActiveState.com
Built Mar 20 2006 19:44:08
...
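The device fallback order asked about above (/dev/urandom, then /dev/random, then /dev/srandom), as an added example that is not part of the original report or of Crypt::SMIME. It returns an error when no device delivers the requested bytes, so the caller can stop rather than seed from an uninitialised buffer. The name `gather_seed` and the 32-byte seed size are assumptions, and the code does not call OpenSSL itself.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper: try each entropy source in order and fill
 * out[0..want) from the first one that delivers `want` bytes.
 * Returns the index of the source used, or -1 if none worked. */
int gather_seed(const char *const *paths, size_t npaths,
                unsigned char *out, size_t want)
{
    size_t i;
    for (i = 0; i < npaths; i++) {
        size_t got = 0;
        /* O_NONBLOCK: a drained blocking device is skipped, not waited on */
        int fd = open(paths[i], O_RDONLY | O_NONBLOCK);
        if (fd < 0)
            continue;                  /* device absent on this platform */
        while (got < want) {
            ssize_t n = read(fd, out + got, want - got);
            if (n > 0) { got += (size_t)n; continue; }
            if (n < 0 && errno == EINTR) continue;
            break;                     /* EOF, EAGAIN or error: short read */
        }
        close(fd);
        if (got == want)
            return (int)i;             /* complete seed from this source */
    }
    return -1;                         /* caller must fail, not improvise */
}

int main(void)
{
    static const char *const devs[] =
        { "/dev/urandom", "/dev/random", "/dev/srandom" };
    unsigned char seed[32];            /* assumed seed size */
    int src = gather_seed(devs, 3, seed, sizeof seed);
    if (src < 0) {
        fprintf(stderr, "no entropy source found; refusing to continue\n");
        return 1;
    }
    /* With OpenSSL this is where RAND_seed(seed, sizeof seed) would go,
     * followed by a RAND_status() check. */
    printf("read %u seed bytes from %s\n", (unsigned)sizeof seed, devs[src]);
    return 0;
}
```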
Subject: | smime_hpux_prng.diff |
--- Crypt-SMIME-0.08/SMIME.xs 2007-09-25 06:39:18.000000000 +0300
+++ /home/xrgtn/pluton/work/smimemail/install/SMIME.xs 2008-05-13 09:16:02.000000000 +0300
@@ -325,10 +325,22 @@ MODULE = Crypt::SMIME PACKAGE = Crypt::
void
_init(char* /*CLASS*/)
CODE:
+ char buf[1024];
+ int rand_bytes_read;
+
/* libcryptoã®åæå */
ERR_load_crypto_strings();
SSLeay_add_all_algorithms();
+ /**** Code from Devin Heitmueller, 10/3/2002 ****/
+ /**** Use /dev/urandom to seed if available ****/
+ rand_bytes_read = RAND_load_file("/dev/urandom", 1024);
+ if (rand_bytes_read <= 0) {
+ /* Couldn't read /dev/urandom, just seed off
+ of the stack variable (the old way) */
+ RAND_seed(buf, sizeof(buf));
+ }
+
Crypt_SMIME
new(char* /*CLASS*/)
CODE:
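Review bot: The fallback branch `RAND_seed(buf, sizeof(buf));` passes an uninitialised stack array to OpenSSL and credits it as 1024 bytes of entropy, so on a host without /dev/urandom the "PRNG not seeded" error disappears while the generator state stays guessable. I would drop that branch: when `RAND_load_file("/dev/urandom", 1024)` returns <= 0, try the other sources the report mentions (/dev/random, /dev/srandom) and, if RAND_status() is still 0 afterwards, croak from _init with a message telling the caller to seed the PRNG. The return value check on RAND_load_file is good; a short comment on why 1024 bytes was chosen would also help.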