<div dir="ltr">Hi all,<div><br></div><div>Thanks for the replies.</div><div>I checked our original code and made sure that we use Default and Legacy providers. (looks like I omitted it in my first email).</div><div>Some info:</div><div>OpenSSL Version: 3.0.5<br>Commands for building OpenSSL: <i>perl Configure VC-WIN32 --prefix=C:/openssl-3.0.5-debug-vc19 --debug</i><br></div><div>Compiler used(for our program and OpenSSL build): <i>Visual Studio 2019</i></div><div>Platform: <i>Windows 10 22H2 64bit</i><br><br></div><div>Note that there is no problem with these sequences of code during <b>runtime</b>.</div><div>BUT, whenever we <b>enable </b>our memory leak detection software <b>PurifyPlus </b>then run our program, RAND_status() encounters problems which then terminates the program.</div><div><br></div><div><i>[I] Message: TerminateProcess called with code 0x3<br> Call location<br> TerminateProcess [C:\Windows\SysWOW64\KERNEL32.DLL]<br> common_message_window<wchar_t> [.\minkernel\crts\ucrt\src\appcrt\misc\dbgrpt.cpp:432]<br> exit_err [<REPO>\main.c:521]<br> __scrt_common_main_seh [d:\agent\_work\3\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:304]<br> _aesni_cbc_encrypt [C:\thirdparty\openssl\openssl-3.0.5-debug\openssl-3.0.5\crypto\aes\libcrypto-shlib-aesni-x86.obj]<br> _aesni_set_encrypt_key [C:\thirdparty\openssl\openssl-3.0.5-debug\openssl-3.0.5\crypto\aes\libcrypto-shlib-aesni-x86.obj]<br> cipher_hw_aesni_initkey [C:\thirdparty\openssl\openssl-3.0.5-debug\openssl-3.0.5\providers\implementations\ciphers\cipher_aes_hw_aesni.inc:37]<br> cipher_generic_init_internal [C:\thirdparty\openssl\openssl-3.0.5-debug\openssl-3.0.5\providers\implementations\ciphers\ciphercommon.c:218]<br> ossl_cipher_generic_einit [C:\thirdparty\openssl\openssl-3.0.5-debug\openssl-3.0.5\providers\implementations\ciphers\ciphercommon.c:228]<br> evp_cipher_init_internal [C:\thirdparty\openssl\openssl-3.0.5-debug\openssl-3.0.5\crypto\evp\evp_enc.c:218]</i><br><br></div><div>The program terminates at <i>_aesni_cbc_encrypt</i>.</div><div>Are there some pointers we have to initialize or functions to call before calling RAND_status()?<br>I also checked about <b><i>RAND_DRBG_set_reseed_def</i><i>aults </i></b>but it seems already removed from 3.0.0.</div><div><br></div><div>Regards,</div><div>Jayme</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Feb 16, 2023 at 3:46 AM Steffen Nurpmeso <<a href="mailto:steffen@sdaoden.eu">steffen@sdaoden.eu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Tomas Mraz wrote in<br>
<<a href="mailto:a73ba399390924cb0249146723d43babf485674d.camel@openssl.org" target="_blank">a73ba399390924cb0249146723d43babf485674d.camel@openssl.org</a>>:<br>
<br>
(Resorting a bit)<br>
<br>
|On Wed, 2023-02-15 at 12:00 +0800, Jayme Mikko Ancla wrote:<br>
|> I would like to know if my use of RAND_status() like below is<br>
|> correct:<br>
...<br>
|> if (RAND_status() != 1) {<br>
|> RAND_seed(rnd_seed, sizeof rnd_seed);<br>
|> }<br>
...<br>
|I assume you're getting a failure. If so, it is because you did <br>
|not load the default provider in addition to the legacy one.<br>
|<br>
|Otherwise your code is OK, although these days the RAND_seed() call<br>
<br>
Has this changed again? I am now forced to set<br>
<br>
(void)RAND_DRBG_set_reseed_defaults(0, 0, 0, 0); /* (does not fail here) */<br>
<br>
and especially i call anything in a loop as in<br>
<br>
# if mx_HAVE_TLS != mx_TLS_IMPL_RESSL && !defined mx_XTLS_HAVE_RAND_FILE<br>
n_err(_("TLS RAND_bytes(3ssl) failed (missing entropy?), "<br>
"waiting a bit\n"));<br>
/* Around ~Y2K+1 anything <= was a busy loop iirc, so give pad */<br>
su_time_msleep(250, FAL0);<br>
continue;<br>
# endif<br>
<br>
|should not be needed at all, the RNG should be seeded by itself unless<br>
|there is something wrong with your build configuration of the OpenSSL<br>
|or your OS is some awkward legacy one.<br>
<br>
Ah the OS! "32 byte is enough"(, endlessly), said Jason Donenfeld.<br>
(Reseeded often, and pretty "nifty", imho. Once i looked.)<br>
<br>
--steffen<br>
|<br>
|Der Kragenbaer, The moon bear,<br>
|der holt sich munter he cheerfully and one by one<br>
|einen nach dem anderen runter wa.ks himself off<br>
|(By Robert Gernhardt)<br>
</blockquote></div>