From ino-waiting@gmx.net  Mon Dec 10 09:23:46 2001
Return-Path: <ino-waiting@gmx.net>
Received: from mailout04.sul.t-online.de (mailout04.sul.t-online.com [194.25.134.18])
	by hub.freebsd.org (Postfix) with ESMTP id DF32337B416
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 10 Dec 2001 09:23:45 -0800 (PST)
Received: from fwd01.sul.t-online.de 
	by mailout04.sul.t-online.de with smtp 
	id 16DU9Z-00088q-01; Mon, 10 Dec 2001 18:23:45 +0100
Received: from spotteswoode.dnsalias.org (520082050842-0001@[62.226.125.187]) by fmrl01.sul.t-online.com
	with smtp id 16DU9N-0eNiIiC; Mon, 10 Dec 2001 18:23:33 +0100
Received: (qmail 11119 invoked by uid 0); 10 Dec 2001 17:23:32 -0000
Message-Id: <20011210182332.V905@spotteswoode.dnsalias.org>
Date: 10 Dec 2001 18:23:32 +0100
From: "clemensF" <ino-waiting@gmx.net>
To: FreeBSD-gnats-submit@freebsd.org
Subject: problem using /dev/random in openssl -rand
X-Send-Pr-Version: 3.113

>Number:         32675
>Category:       bin
>Synopsis:       openssl dhparam hangs when using /dev/random as entropy source
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kris
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Dec 10 09:30:00 PST 2001
>Closed-Date:    Fri Aug 23 20:49:57 PDT 2002
>Last-Modified:  Mon Jul 05 16:43:02 GMT 2004
>Originator:     clemens fischer
>Release:        FreeBSD 4.3-RELEASE i386
>Organization:
>Environment:
System: FreeBSD spotteswoode.dnsalias.org 4.3-RELEASE FreeBSD 4.3-RELEASE
#11: Sat Sep 1 00:49:59 CEST 2001
root@spotteswoode.yi.org:/usr/src/sys/compile/n1 i386

>Description:

i wanted to create a set of diffie-helman paramters for later key
generation using the following commands, and i wanted to seed
openssl-0.9.6b's PRNG using /dev/[u]random:

#openssl dhparam -outform PEM -out /l/ssl/pem/dh1024.pem -5 \
		-rand /dev/random:/dev/urandom 1024
^C

#openssl dhparam -outform PEM -in /dev/null -out /l/ssl/pem/dh512.pem -2 \
		-rand /dev/urandom
Killed

>How-To-Repeat:

using /dev/random to seed openssl in this particuliar application will
always make openssl chew up CPU upto 99%, and it will run producing no
output until interrupted forcibly.

>Fix:

there is a simple workaround:  *not* using the "-rand /dev/random" option,
eg:

#openssl dhparam -outform PEM -in /dev/null -out /l/ssl/pem/dh512.pem -2
warning, not much extra random data, consider using the -rand option
Generating DH parameters, 512 bit long safe prime, generator 2
This is going to take a long time
..........+.........................++*++*++*++*++*++*

then it always *works*!

clemens fischer
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->kris 
Responsible-Changed-By: sheldonh 
Responsible-Changed-When: Sun Dec 30 04:25:34 PST 2001 
Responsible-Changed-Why:  
Over to the openssl maintainer. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=32675 

From: Kris Kennaway <kris@obsecurity.org>
To: clemensF <ino-waiting@gmx.net>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: kern/32675: problem using /dev/random in openssl -rand
Date: Fri, 4 Jan 2002 20:59:12 -0800

 --lrZ03NoBR/3+SXJZ
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 
 On Mon, Dec 10, 2001 at 06:23:32PM +0100, clemensF wrote:
 
 > using /dev/random to seed openssl in this particuliar application will
 > always make openssl chew up CPU upto 99%, and it will run producing no
 > output until interrupted forcibly.
 
 /dev/random is a very low-output device which only produces output
 when there is entropy available to the kernel.  It's entirely expected
 that openssl dhparam would take an extremely long time to run if
 you're using this device; that's why /dev/urandom is the default
 entropy source.  I expect if you left it run long enough it would
 actually finish, it just might take quite a while, especially if you
 don't have many entropy sources defined via rndcontrol.
 
 Kris
 --lrZ03NoBR/3+SXJZ
 Content-Type: application/pgp-signature
 Content-Disposition: inline
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.0.6 (FreeBSD)
 Comment: For info see http://www.gnupg.org
 
 iD8DBQE8NogfWry0BWjoQKURApovAJ4n6Kdnb3g2wSqzhf0PDV+a34pcIwCgzV/b
 CbAgSECIQJy/w7I+W1SBfIQ=
 =d5f/
 -----END PGP SIGNATURE-----
 
 --lrZ03NoBR/3+SXJZ--
State-Changed-From-To: open->analyzed 
State-Changed-By: kris 
State-Changed-When: Fri Jan 4 21:00:42 PST 2002 
State-Changed-Why:  
I believe this is expected behaviour due to the low output 
rate of the /dev/random device in 4.x 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=32675 

From: clemensF <ino-E24f64e8@spotteswoode.dnsalias.org>
To: Kris Kennaway <kris@obsecurity.org>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: kern/32675: problem using /dev/random in openssl -rand
Date: Sat, 5 Jan 2002 14:48:15 +0100

 > Kris Kennaway:
 
 > /dev/random is a very low-output device which only produces output
 > when there is entropy available to the kernel.  It's entirely expected
 > that openssl dhparam would take an extremely long time to run if
 
 yes, that makes sense.  i'm wondering though, why openssl doesn't just sit
 and wait until more entropy becomes available.  isn't it funny that it
 idles taking so much CPU?
 
 > you're using this device; that's why /dev/urandom is the default
 > entropy source.  I expect if you left it run long enough it would
 > actually finish, it just might take quite a while, especially if you
 > don't have many entropy sources defined via rndcontrol.
 
 which interrupts can be used safely forgathering entropy?  i had massive
 problems when experimenting with the entropy sources culminating in an
 unusable system.
 
 clemens fischer

From: Kris Kennaway <kris@obsecurity.org>
To: clemensF <ino-E24f64e8@spotteswoode.dnsalias.org>
Cc: Kris Kennaway <kris@obsecurity.org>,
	FreeBSD-gnats-submit@freebsd.org
Subject: Re: kern/32675: problem using /dev/random in openssl -rand
Date: Sat, 5 Jan 2002 11:04:57 -0800

 --H+4ONPRPur6+Ovig
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 Content-Transfer-Encoding: quoted-printable
 
 On Sat, Jan 05, 2002 at 02:48:15PM +0100, clemensF wrote:
 > > Kris Kennaway:
 >=20
 > > /dev/random is a very low-output device which only produces output
 > > when there is entropy available to the kernel.  It's entirely expected
 > > that openssl dhparam would take an extremely long time to run if
 >=20
 > yes, that makes sense.  i'm wondering though, why openssl doesn't just sit
 > and wait until more entropy becomes available.  isn't it funny that it
 > idles taking so much CPU?
 
 Yes, I suppose it is - that's something you should take up with the
 OpenSSL developers.
 
 > > you're using this device; that's why /dev/urandom is the default
 > > entropy source.  I expect if you left it run long enough it would
 > > actually finish, it just might take quite a while, especially if you
 > > don't have many entropy sources defined via rndcontrol.
 >=20
 > which interrupts can be used safely forgathering entropy?  i had massive
 > problems when experimenting with the entropy sources culminating in an
 > unusable system.
 
 Well, just don't use things like rtc or clk which have really high
 rates and you should be fine...
 
 Kris
 --H+4ONPRPur6+Ovig
 Content-Type: application/pgp-signature
 Content-Disposition: inline
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.0.6 (FreeBSD)
 Comment: For info see http://www.gnupg.org
 
 iD8DBQE8N05YWry0BWjoQKURAgtbAKCozvaxylfFYopfJDAmuGrFzK+QwgCgxu/I
 FNK629po2XE3hjDVBXRfYFQ=
 =8juQ
 -----END PGP SIGNATURE-----
 
 --H+4ONPRPur6+Ovig--
State-Changed-From-To: analyzed->closed 
State-Changed-By: kris 
State-Changed-When: Fri Aug 23 20:48:37 PDT 2002 
State-Changed-Why:  
Issue was determined to be the expected behaviour, although 
the performance of OpenSSL could possibly be improved in this 
case. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=32675 
>Unformatted:
