The first connection cannot be established due to an error in burp_ca, due to an error from openssl v1.1.1, due to an error in the generated openssl config, due to the RANDFILE directive.
Example:
-bash-4.3# burp -al -v
2019-11-25 13:16:22 +0300: burp[4735] Could not find ssl_cert /etc/burp/ssl_cert-client.pem: No such file or directory
2019-11-25 13:16:22 +0300: burp[4735] Could not find ssl_key /etc/burp/ssl_cert-client.key: No such file or directory
2019-11-25 13:16:22 +0300: burp[4735] Could not find ssl_cert_ca /etc/burp/ssl_cert_ca.pem: No such file or directory
2019-11-25 13:16:22 +0300: burp[4735] Connecting to backup.office:4971
2019-11-25 13:16:22 +0300: burp[4735] WARNING: w:0076:Client 'altair.office' version '2.3.16' does not match server version '2.3.14'. An upgrade is recommended.
2019-11-25 13:16:23 +0300: burp[4735] auth ok
2019-11-25 13:16:23 +0300: burp[4735] Server version: 2.3.14
2019-11-25 13:16:23 +0300: burp[4735] Server will sign a certificate request
2019-11-25 13:16:23 +0300: burp[4735] Generating SSL key and certificate signing request
2019-11-25 13:16:23 +0300: burp[4735] Running '/usr/sbin/burp_ca --key --keypath /etc/burp/ssl_cert-client.key --request --requestpath /etc/burp/CA-client/altair.office.csr --name altair.office'
generating key altair.office: /etc/burp/ssl_cert-client.key
Generating RSA private key, 2048 bit long modulus (2 primes)
.........................+++++
..........+++++
e is 65537 (0x010001)
generating request altair.office
Cannot write random bytes:
140692730529600:error:2407007A:random number generator:RAND_write_file:Not a regular file:crypto/rand/randfile.c:183:Filename=/dev/urandom
2019-11-25 13:16:23 +0300: burp[4735] /usr/sbin/burp_ca returned: 0
2019-11-25 13:16:23 +0300: burp[4735] Sent /etc/burp/CA-client/altair.office.csr
<long pause>
2019-11-25 13:17:26 +0300: burp[4735] main socket 3: Peer closed SSL session
2019-11-25 13:17:26 +0300: burp[4735] transfer file returning: -1
2019-11-25 13:17:26 +0300: burp[4735] Received: /etc/burp/ssl_cert-client.pem.4735
2019-11-25 13:17:26 +0300: burp[4735] main socket 3: Peer closed SSL session
2019-11-25 13:17:26 +0300: burp[4735] transfer file returning: -1
2019-11-25 13:17:26 +0300: burp[4735] Received: /etc/burp/ssl_cert_ca.pem.4735
2019-11-25 13:17:26 +0300: burp[4735] Re-opening connection to backup.office:4971
2019-11-25 13:17:31 +0300: burp[4735] Can't read ssl_cert: /etc/burp/ssl_cert-client.pem
140505983319616:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
140505983319616:error:140DC009:SSL routines:use_certificate_chain_file:PEM lib:ssl/ssl_rsa.c:622:
2019-11-25 13:17:31 +0300: burp[4735] error initialising ssl ctx
ssl_cert-client.pem is left empty.
This is because the generated config for openssl req has the line:
RANDFILE = /dev/urandom
The RANDFILE directive is used incorrectly in this case; see man req:
RANDFILE
At startup the specified file is loaded into the random number generator,
and at exit 256 bytes will be written to it. It is used for private key generation.
This file is optional and is supposed to be a seed file, not the sole random source. The check that this file is a regular file was introduced in openssl-1.1.1 (afaik).
You just don't need to use RANDFILE at all.
Thanks,
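A pre-flight check for the two symptoms in this report, written as an added example (not part of the report and not burp's code): it flags a RANDFILE target that exists but is not a regular file, the condition the RAND_write_file error above reports, and it rejects an empty or certificate-less PEM file. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not burp's code. Function names are hypothetical.

# Print every RANDFILE target in an openssl config that exists but is not a
# regular file (device node, directory, FIFO).
randfile_offenders() {
    sed -n -e 's/#.*//' \
        -e 's/^[[:space:]]*RANDFILE[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" |
    while IFS= read -r path; do
        case $path in
            ''|*'$'*) continue ;;  # empty, or uses $ENV::VAR which is not resolved here
        esac
        if [ -e "$path" ] && [ ! -f "$path" ]; then
            printf '%s\n' "$path"
        fi
    done
}

# Succeeds when no RANDFILE line points at a non-regular file.
config_is_safe() {
    [ -z "$(randfile_offenders "$1")" ]
}

# Succeeds only if the file is non-empty and starts a certificate PEM block.
pem_has_cert() {
    [ -s "$1" ] && grep -Eq '^-----BEGIN (TRUSTED |X509 )?CERTIFICATE-----' "$1"
}

# Constructed sample input mirroring the report: the config line quoted above
# and an empty ssl_cert-client.pem.
demo=$(mktemp -d)
printf '%s\n' '[ req ]' 'RANDFILE = /dev/urandom' > "$demo/req.conf"
: > "$demo/ssl_cert-client.pem"
if ! config_is_safe "$demo/req.conf"; then
    echo "RANDFILE is not a regular file: $(randfile_offenders "$demo/req.conf")"
fi
if ! pem_has_cert "$demo/ssl_cert-client.pem"; then
    echo "ssl_cert-client.pem is empty or holds no certificate"
fi
rm -rf "$demo"
```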