DH_generate_key Hangs


DH_generate_key Hangs

OpenSSL - User mailing list
Hi,

Need some help: one of our applications hangs when calling
DH_generate_key (openssl-0.9.8y). This occurs randomly under loaded conditions.
Not sure if anyone knows this issue?


Thanks
Jason

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: DH_generate_key Hangs

Michael Wojcik
> From: openssl-users [mailto:[hidden email]] On Behalf Of Jason Qian via openssl-users
> Sent: Wednesday, September 27, 2017 07:00
> To: [hidden email]
> Subject: [openssl-users] DH_generate_key Hangs

> Need some help: one of our applications hangs when calling
> DH_generate_key (openssl-0.9.8y). This occurs randomly under loaded conditions.
> Not sure if anyone knows this issue?

The issue is running OpenSSL 0.9.8, which has not been supported since 2015.

DH_generate_key can use an engine (at least in supported versions of OpenSSL - I no longer have any 0.9.8 code around to check), so we really can't say what it might be doing in your application. But if it's using the default OpenSSL implementation, then if your DH parameters don't already include a private key, you'll end up generating random numbers. That can hang, if OpenSSL is using a blocking CPRNG source such as /dev/random.

But you haven't provided nearly enough information to do more than speculate.

What you need to do:

1. Upgrade to OpenSSL 1.0.2 (or possibly 1.1.0, but that has API changes and isn't an LTS release). There's really no point in proceeding unless you do so. Your application is broken if it's using 0.9.8.

2. If the problem still occurs, debug a hanging instance and find out where *exactly* it's hung.

--
Michael Wojcik
Distinguished Engineer, Micro Focus




Re: DH_generate_key Hangs

OpenSSL - User mailing list

Here is the stack trace :

 libeay32.dll!RAND_poll  Normal
 [External Code]    
            
 libeay32.dll!RAND_poll() Line 523             
 libeay32.dll!ssleay_rand_bytes(unsigned char * buf, int num, int pseudo) Line 395            
 libeay32.dll!ssleay_rand_nopseudo_bytes(unsigned char * buf, int num) Line 536  


Thanks
Jason




Re: DH_generate_key Hangs

Michael Wojcik

As I speculated, it appears you're hanging in random-number generation, probably due to a blocking CPRNG that can't get the entropy it needs.

This is an operating-system issue, and needs to be referred to your OS administrator.

Michael Wojcik
Distinguished Engineer, Micro Focus


Re: DH_generate_key Hangs

OpenSSL - User mailing list
Thanks Michael,

      I saw a lot of discussion for this issue on,

       https://mta.openssl.org/pipermail/openssl-dev/2015-July/002210.html

      Not sure if openSSL has a workaround or a patch ?

It hangs on:

libeay32.dll!RAND_poll() Line 523

if (heap_first(&hentry,
               hlist.th32ProcessID,
               hlist.th32HeapID))

Jason



Re: DH_generate_key Hangs

OpenSSL - User mailing list

You could try to backport the win_rand file from a more recent release.

Far better, as Michael first said, to move to 1.0.2 or later.



Re: DH_generate_key Hangs

OpenSSL - User mailing list
Compared the code of RAND_poll(void) between 1.0.1 and 1.0.2 and it seems there is no change.


Thanks



Re: DH_generate_key Hangs

OpenSSL - User mailing list
> Compared the code of RAND_poll(void) between 1.0.1 and 1.0.2 and it seems there is no change.

Sorry, then try 1.1.0. The HEAPWALK bug/issue is fixed there.



Re: DH_generate_key Hangs

Jeffrey Walton-3
On Thu, Oct 5, 2017 at 2:55 PM, Jason Qian via openssl-users
<[hidden email]> wrote:

> Thanks Michael,
>
>       I saw a lot of discussion for this issue on,
>
>        https://mta.openssl.org/pipermail/openssl-dev/2015-July/002210.html
>
>       Not sure if openSSL has a workaround or a patch ?
>
>
> It hangs on :
>
> libeay32.dll!RAND_poll() Line 523
>
> if (heap_first(&hentry,
>       hlist.th32ProcessID,
>                       hlist.th32HeapID))

You should avoid calls to RAND_poll altogether on Windows. Do so by
explicitly seeding the random number generator yourself.

Also see https://wiki.openssl.org/index.php/Random_Numbers#Windows_Issues
on the OpenSSL wiki.

Jeff

Re: DH_generate_key Hangs

Jeffrey Walton-3
On Thu, Oct 5, 2017 at 3:27 PM, Jason Qian via openssl-users
<[hidden email]> wrote:
> Compared the code of RAND_poll(void) between 1.0.1 and 1.0.2 and it seems there is no
> change.

I believe it was fixed earlier than that. Also see
https://rt.openssl.org/Ticket/Display.html?id=2100&user=guest&pass=guest

As Michael suggested, 0.9.8 is the biggest problem. You should
probably solve that problem first.

Jeff

Re: DH_generate_key Hangs

OpenSSL - User mailing list
We call DH_generate_key(DH *dh), and RAND_poll() is called by ssleay_rand_bytes:


  libeay32d.dll!RAND_poll()  Line 572 C
  libeay32d.dll!ssleay_rand_bytes(unsigned char * buf=0x03318fe0, int num=128, int pseudo=0)  Line 395 C
  libeay32d.dll!ssleay_rand_nopseudo_bytes(unsigned char * buf=0x03318fe0, int num=128)  Line 536 + 0xf bytes C
  libeay32d.dll!RAND_bytes(unsigned char * buf=0x03318fe0, int num=128)  Line 164 + 0x10 bytes C
  libeay32d.dll!bnrand(int pseudorand=0, bignum_st * rnd=0x03318518, int bits=1023, int top=0, int bottom=0)  Line 152 + 0xd bytes C
> libeay32d.dll!BN_rand(bignum_st * rnd=0x03318518, int bits=1023, int top=0, int bottom=0)  Line 213 + 0x17 bytes C
  libeay32d.dll!generate_key(dh_st * dh=0x03316a88)  Line 170 + 0x11 bytes C
  libeay32d.dll!DH_generate_key(dh_st * dh=0x03316a88)  Line 84 + 0xf bytes C

Thanks
Jason


Re: DH_generate_key Hangs

OpenSSL - User mailing list
More:

 The call stacks are from 1.0.1c when calling DH_generate_key.
 Is there any fix in the latest version for this?


Thanks
Jason

      


Re: DH_generate_key Hangs

Michael Wojcik
> From: openssl-users [mailto:[hidden email]] On Behalf
> Of Jeffrey Walton
> Sent: Thursday, October 05, 2017 13:33
> To: Jason Qian; OpenSSL Users
> Subject: Re: [openssl-users] DH_generate_key Hangs
>
>
> You should avoid calls to RAND_poll altogether on Windows. Do so by
> explicitly seeding the random number generator yourself.

As a starting point, try something like this:

-----
#include <openssl/crypto.h>
#include <openssl/engine.h>
#include <openssl/rand.h>

static ENGINE *rdrand;

void init_prng(void) {
    /* Try to seed the PRNG with the Intel RDRAND on-chip PRNG */
    OPENSSL_cpuid_setup();
    ENGINE_load_rdrand();
    rdrand = ENGINE_by_id("rdrand");        /* structural reference */
    if (rdrand) {
        int inited = ENGINE_init(rdrand);   /* functional reference */
        int success = 0;
        if (inited) {
            success = ENGINE_set_default(rdrand, ENGINE_METHOD_RAND);
        }

        /***
        Per OpenSSL wiki, call ENGINE_free here regardless of whether we're
        successfully using rdrand. The "functional reference" to rdrand will
        be released when we call ENGINE_finish.
        ***/
        ENGINE_free(rdrand);
        if (!success) {
            /* Only an engine that ENGINE_init succeeded on holds a functional
               reference; ENGINE_finish on one that failed to init would
               release a reference we never took. */
            if (inited) ENGINE_finish(rdrand);
            rdrand = NULL;
        }
    }

    if (!rdrand && !RAND_status()) {
        RAND_screen();   /* this isn't really enough entropy, but it's a start */
        if (!RAND_status()) {
            RAND_poll(); /* try to gather additional entropy */
        }
    }
}

void terminate_engines(void) {
    if (rdrand) {
        ENGINE_finish(rdrand);
        rdrand = NULL;
    }
    /* similarly for any other engines you use */
    ENGINE_cleanup();
}
-----

Call init_prng after your OpenSSL initialization code (e.g. after calling OpenSSL_add_all_algorithms), and terminate_engines when you're done using OpenSSL (e.g. just before process exit).

Note that this code uses RAND_screen if RDRAND isn't available. RAND_screen is really not a very good idea; it may be OK on workstations, but rarely provides much entropy on servers because they typically aren't doing much screen output. And if you still need entropy after the RAND_screen call, you'll end up in RAND_poll anyway. The alternative is to write your own code that harvests entropy from some source (or sources).

Other people may have better suggestions.

--
Michael Wojcik
Distinguished Engineer, Micro Focus



Re: DH_generate_key Hangs

Jeffrey Walton-3
> Note that this code uses RAND_screen if RDRAND isn't available. RAND_screen is really not a very good idea; it may be OK on workstations, but rarely provides much entropy on servers because they typically aren't doing much screen output. And if you still need entropy after the RAND_screen call, you'll end up in RAND_poll anyway. The alternative is to write your own code that harvests entropy from some source (or sources).
>
> Other people may have better suggestions.

Headless servers without hw entropy sources are tough. In this case I
use hedging. I've got some patches somewhere for 1.0.1, but they won't
apply to 0.9.8.

Also see:

* When Good Randomness Goes Bad: Virtual Machine Reset Vulnerabilities
and Hedging Deployed Cryptography,
http://pages.cs.wisc.edu/~rist/papers/sslhedge.pdf
* When Virtual is Harder than Real: Security Challenges in Virtual
Machine Based Computing Environments,
http://www.usenix.org/legacy/event/hotos05/final_papers/full_papers/garfinkel/garfinkel.pdf

Jeff
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: DH_generate_key Hangs

OpenSSL - User mailing list
Thanks Jeff,

The challenge is that we are not directly calling RAND_poll(); we just call DH_generate_key for the DH key.
From the following call stacks, you can see that RAND_poll() is triggered by ssleay_rand_bytes.

  libeay32d.dll!RAND_poll()  Line 572 C
  libeay32d.dll!ssleay_rand_bytes(unsigned char * buf=0x03318fe0, int num=128, int pseudo=0)  Line 395 C
  libeay32d.dll!ssleay_rand_nopseudo_bytes(unsigned char * buf=0x03318fe0, int num=128)  Line 536 + 0xf bytes C
  libeay32d.dll!RAND_bytes(unsigned char * buf=0x03318fe0, int num=128)  Line 164 + 0x10 bytes C
  libeay32d.dll!bnrand(int pseudorand=0, bignum_st * rnd=0x03318518, int bits=1023, int top=0, int bottom=0)  Line 152 + 0xd bytes C
> libeay32d.dll!BN_rand(bignum_st * rnd=0x03318518, int bits=1023, int top=0, int bottom=0)  Line 213 + 0x17 bytes C
  libeay32d.dll!generate_key(dh_st * dh=0x03316a88)  Line 170 + 0x11 bytes C
  libeay32d.dll!DH_generate_key(dh_st * dh=0x03316a88)  Line 84 + 0xf bytes C

Jason



Re: DH_generate_key Hangs

Michael Wojcik
> From: openssl-users [mailto:[hidden email]] On Behalf Of Jason Qian via openssl-users
> Sent: Friday, October 06, 2017 07:14

> The challenge is that,  we are not directly calling RAND_poll(). We just call DH_generate_key for DH key. 
> From the following call stacks, you can see the RAND_poll() is triggered by ssleay_rand_bytes.

RAND_poll is being called because the PRNG does not have enough entropy. Seed it with sufficient entropy first, and it won't be called by DH_generate_key.

--
Michael Wojcik
Distinguished Engineer, Micro Focus


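Michael's init_prng code earlier in the thread and his point just above (RAND_poll is reached because the pool's credited entropy is short, so seed it first) describe one seeding sequence against OpenSSL's C API. The following is an added example and is not code from the thread or from OpenSSL. It uses Python's ssl module, which calls straight through to libcrypto's RAND_add, RAND_status and RAND_bytes, to run that sequence end to end: seed from the OS CSPRNG with an honest entropy credit, mix in low-entropy process state with no credit, refuse to draw until the credit reaches md_rand.c's 32-byte ENTROPY_NEEDED threshold, and only then draw the 128 bytes that BN_rand(rnd, 1023, ...) in the posted stack trace consumes. The SeededPrng class, seed_then_draw, and the local credit counter are this example's own names and its own model of the 0.9.8/1.0.x accounting (entropy += add, capped once the threshold is reached); a current OpenSSL auto-seeds and reports RAND_status() true from the start, which is why the counter is kept locally rather than read from the library.

```python
"""Seed OpenSSL's PRNG explicitly, so the pool is above the entropy
threshold before anything like DH_generate_key() asks it for bytes.

Added example, not code from the thread or from OpenSSL. Python's ssl
module calls straight through to libcrypto's RAND_add(), RAND_status()
and RAND_bytes(), so the calls below are the same ones a C program makes.
"""
import os
import ssl
import time

# md_rand.c (0.9.8/1.0.x): RAND_bytes will not produce output, and goes
# looking for entropy via RAND_poll(), until the credited entropy in the
# pool reaches this many bytes.
ENTROPY_NEEDED = 32.0


class SeededPrng:
    """Feeds libcrypto's pool and keeps a local copy of the entropy credit.

    The local counter models ssleay_rand_add()'s accounting
    ("if (entropy < ENTROPY_NEEDED) entropy += add;"). It is kept here
    because a current OpenSSL auto-seeds and reports RAND_status() == 1
    from the start, which would hide the threshold this example is about.
    """

    def __init__(self) -> None:
        self.credited = 0.0

    def add(self, data: bytes, credit_bytes: float) -> float:
        # RAND_add()'s third argument is the caller's estimate of how much
        # entropy `data` carries, in bytes. Over-crediting is the classic
        # seeding bug: the pool looks ready while its contents are guessable.
        if credit_bytes < 0 or credit_bytes > len(data):
            raise ValueError("entropy credit must be between 0 and len(data)")
        ssl.RAND_add(data, credit_bytes)
        if self.credited < ENTROPY_NEEDED:  # stop counting once we have enough
            self.credited += credit_bytes
        return self.credited

    def seed_from_os(self, nbytes: int = 64) -> float:
        # os.urandom() is the OS CSPRNG (CryptGenRandom/BCrypt on Windows,
        # getrandom()/urandom elsewhere), so full credit is justified.
        return self.add(os.urandom(nbytes), float(nbytes))

    def stir_with_process_state(self) -> float:
        # Clock and pid are worth mixing in (they separate forked or cloned
        # instances) but worth no credit: an attacker can enumerate them.
        noise = f"{time.time_ns()}:{os.getpid()}".encode()
        return self.add(noise, 0.0)

    def ready(self) -> bool:
        return self.credited >= ENTROPY_NEEDED and bool(ssl.RAND_status())

    def bytes(self, n: int) -> bytes:
        # Refuse here instead of letting the library fall back on RAND_poll().
        if not self.ready():
            raise RuntimeError("refusing to draw from an under-seeded PRNG")
        return ssl.RAND_bytes(n)


def seed_then_draw(n: int = 128) -> bytes:
    """The order the thread recommends: seed, check status, then generate.

    128 bytes is what BN_rand(rnd, 1023, ...) in the posted stack trace
    asks RAND_bytes for when generate_key() picks the DH private value.
    """
    prng = SeededPrng()
    prng.stir_with_process_state()  # credit stays 0.0
    prng.seed_from_os()             # credit reaches ENTROPY_NEEDED
    return prng.bytes(n)
```

Run the seeding once, right after library initialisation and before the first DH_generate_key(); the C equivalent is RAND_add() on output from the OS CSPRNG with its byte count as the credit, followed by a RAND_status() check, and a refusal to proceed if it is still zero rather than a call into RAND_poll().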

Re: DH_generate_key Hangs

OpenSSL - User mailing list

Okay, you seem to be looking for an answer and there isn't one.

The release you are using has problems when it decided to walk the heap. The release you are using WILL NOT BE FIXED.

Change your code, backport the fix, or move to a more modern release. Sorry, there is no other way.


Re: DH_generate_key Hangs

OpenSSL - User mailing list
Thanks,


Re: DH_generate_key Hangs

OpenSSL - User mailing list
Hi Jeff,

   https://rt.openssl.org/Ticket/Display.html?id=2100&user=guest&pass=guest and it seems exactly the same issue I have. I have moved to 1.0.1c.

   One question is where can I find the patch? I have the build environment and I can build it myself.

Thanks for the help
Jason


Re: DH_generate_key Hangs

OpenSSL - User mailing list
Hi Salz,

     I have built 1.1.0f with vc10 (had to move some header files).

     Is OpenSSL 1.1.0f a supported version?


Thanks
Jason

     
