[openssl-users] DH_generate_key Hangs
jqian at tibco.com
Thu Oct 5 14:43:43 UTC 2017
Here is the stack trace :
libeay32.dll!RAND_poll() Line 523
libeay32.dll!ssleay_rand_bytes(unsigned char * buf, int num, int pseudo)
libeay32.dll!ssleay_rand_nopseudo_bytes(unsigned char * buf, int num) Line
On Wed, Sep 27, 2017 at 2:02 PM, Michael Wojcik <
Michael.Wojcik at microfocus.com> wrote:
> > From: openssl-users [mailto:openssl-users-bounces at openssl.org] On
> Behalf Of Jason Qian via openssl-users
> > Sent: Wednesday, September 27, 2017 07:00
> > To: openssl-users at openssl.org
> > Subject: [openssl-users] DH_generate_key Hangs
> > Need some help, one of our application that hangs when calling
> > DH_generate_key (openssl-0.9.8y). This occurs randomly under loaded
> > Not sure, if anyone know this issue ?
> The issue is running OpenSSL 0.9.8, which has not been supported since
> DH_generate_key can use an engine (at least in supported versions of
> OpenSSL - I no longer have any 0.9.8 code around to check), so we really
> can't say what it might be doing in your application. But if it's using the
> default OpenSSL implementation, then if your DH parameters don't already
> include a private key, you'll end up generating random numbers. That can
> hang, if OpenSSL is using a blocking CPRNG source such as /dev/random.
> But you haven't provided nearly enough information to do more than
> What you need to do:
> 1. Upgrade to OpenSSL 1.0.2 (or possibly 1.1.0, but that has API changes
> and isn't an LTS release). There's really no point in proceeding unless you
> do so. Your application is broken if it's using 0.9.8.
> 2. If the problem still occurs, debug a hanging instance and find out
> where *exactly* it's hung.
> Michael Wojcik
> Distinguished Engineer, Micro Focus
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users