[Pkg-openssl-devel] Bug#115767: I see this too on x86 user-mode-linux on etch

[Bernhard M. Wiedemann]

Hi,

I am running several virtual machines (currently using 2.6.24.2) with user-mode-linux (UML) and am seeing the very same problem repeatedly.
Mar 25 06:00:05 uml12d sshd[28619]: fatal: Couldn't obtain random bytes (error 604389476)
after a dictionary attack with 5 tries per second.
I straced the normal connection procedure with strace -o sshd.strace -f -p 11541 and found:

11736 open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 3
11736 fstat64(3, {st_mode=S_IFCHR|0644, st_rdev=makedev(1, 9), ...}) = 0
11736 poll([{fd=3, events=POLLIN, revents=POLLIN}], 1, 10) = 1
11736 read(3, "\342\224\2443\314cVK\325\331I\322?=zEa\324u\276\2\f\361\2618p\3217\n\201x\210", 32) = 32
11736 close(3)

The "poll" is probably there to prevent blocking of /dev/random but maybe there are conditions that cause it to return something other than "1" here?

I am seeing a common pattern here: mips, xen, uml... are all platforms that have few real entropy sources like HDDs and thus are more prone to running out of entropy.


On a related note:
I saw openvpn failing on openSUSE-10.3 this morning and it looks very similar:
Tue Mar 25 09:05:24 2008 key/87.185.50.159:1194 ERROR: Random number generator cannot obtain entropy for key generation [SSL]
Tue Mar 25 09:05:24 2008 key/87.185.50.159:1194 Exiting

So maybe it is a kernel bug? Or do those programs fail to check for some normal return value?
I guess, you could speed up triggering this bug by manually emptying the entropy pool with cat /dev/random > /dev/null


Ciao
Bernhard M.