[openssl-users] DH_generate_key Hangs

Jason Qian jqian at tibco.com
Thu Oct 5 18:55:58 UTC 2017


Thanks Michael,

I saw a lot of discussion of this issue at:

https://mta.openssl.org/pipermail/openssl-dev/2015-July/002210.html

Not sure if OpenSSL has a workaround or a patch?


It hangs on:

libeay32.dll!RAND_poll() Line 523

    if (heap_first(&hentry,
                   hlist.th32ProcessID,
                   hlist.th32HeapID))



Jason


On Thu, Oct 5, 2017 at 11:59 AM, Michael Wojcik <
Michael.Wojcik at microfocus.com> wrote:

> As I speculated, it appears you're hanging in random-number generation,
> probably due to a blocking CPRNG that can't get the entropy it needs.
>
>
>
> This is an operating-system issue, and needs to be referred to your OS
> administrator.
>
>
>
> Michael Wojcik
> Distinguished Engineer, Micro Focus
>
> *From:* Jason Qian [mailto:jqian at tibco.com]
> *Sent:* Thursday, October 05, 2017 08:44
> *To:* Michael Wojcik
> *Cc:* openssl-users at openssl.org
> *Subject:* Re: [openssl-users] DH_generate_key Hangs
>
> Here is the stack trace:
>
>  libeay32.dll!RAND_poll  Normal
>  [External Code]
>
>  libeay32.dll!RAND_poll() Line 523
>  libeay32.dll!ssleay_rand_bytes(unsigned char * buf, int num, int pseudo) Line 395
>  libeay32.dll!ssleay_rand_nopseudo_bytes(unsigned char * buf, int num) Line 536
>
> Thanks
>
> Jason
>
> On Wed, Sep 27, 2017 at 2:02 PM, Michael Wojcik <
> Michael.Wojcik at microfocus.com> wrote:
>
> > From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Jason Qian via openssl-users
> > Sent: Wednesday, September 27, 2017 07:00
> > To: openssl-users at openssl.org
> > Subject: [openssl-users] DH_generate_key Hangs
>
> > Need some help: one of our applications hangs when calling
> > DH_generate_key (openssl-0.9.8y). This occurs randomly under loaded
> > conditions.
> > Not sure if anyone knows this issue?
>
> The issue is running OpenSSL 0.9.8, which has not been supported since
> 2015.
>
> DH_generate_key can use an engine (at least in supported versions of
> OpenSSL - I no longer have any 0.9.8 code around to check), so we really
> can't say what it might be doing in your application. But if it's using the
> default OpenSSL implementation, then if your DH parameters don't already
> include a private key, you'll end up generating random numbers. That can
> hang, if OpenSSL is using a blocking CPRNG source such as /dev/random.
>
> But you haven't provided nearly enough information to do more than
> speculate.
>
> What you need to do:
>
> 1. Upgrade to OpenSSL 1.0.2 (or possibly 1.1.0, but that has API changes
> and isn't an LTS release). There's really no point in proceeding unless you
> do so. Your application is broken if it's using 0.9.8.
>
> 2. If the problem still occurs, debug a hanging instance and find out
> where *exactly* it's hung.
>
> --
> Michael Wojcik
> Distinguished Engineer, Micro Focus
>
>
>
>
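
The earlier reply in this thread notes that key generation can hang when the RNG reads from a blocking source such as /dev/random. The following is an added example, not code from this thread or from OpenSSL, showing how to check on a POSIX host whether such a source delivers bytes within a deadline instead of stalling. `probe_entropy_fd` is a hypothetical helper name, and the example does not cover the Windows heap walk in `RAND_poll` shown in the stack trace.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper (not an OpenSSL API): try to read `want` bytes from fd,
 * waiting at most timeout_ms for each chunk. Returns the number of bytes read
 * (possibly short), 0 if nothing arrived before the timeout (a plain blocking
 * read would have hung here), or -1 on error. */
int probe_entropy_fd(int fd, unsigned char *buf, size_t want, int timeout_ms)
{
    size_t got = 0;
    while (got < want) {
        struct pollfd p = { .fd = fd, .events = POLLIN };
        int rc = poll(&p, 1, timeout_ms);
        if (rc < 0) {
            if (errno == EINTR) continue;
            return -1;
        }
        if (rc == 0) break;              /* timeout: the source is starved */
        ssize_t n = read(fd, buf + got, want - got);
        if (n < 0) {
            if (errno == EINTR || errno == EAGAIN) continue;
            return -1;
        }
        if (n == 0) break;               /* end of file */
        got += (size_t)n;
    }
    return (int)got;
}

int main(void)
{
    unsigned char buf[32];
    /* O_NONBLOCK so that read() itself can never stall the probe. */
    int fd = open("/dev/random", O_RDONLY | O_NONBLOCK);
    if (fd < 0) { perror("open /dev/random"); return 1; }
    int n = probe_entropy_fd(fd, buf, sizeof buf, 2000);
    close(fd);
    if (n < 0) { perror("probe"); return 1; }
    printf("/dev/random returned %d of %zu bytes%s\n", n, sizeof buf,
           n < (int)sizeof buf ? " (a blocking reader would stall)" : "");
    return 0;
}
```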