Thanks Michael,
I saw a lot of discussion for this issue on,
https://mta.openssl.org/pipermail/openssl-dev/2015-July/002210.html
Not sure if openSSL has a workaround or a patch ?
It hangs on :
*libeay32.dll!RAND_poll() Line 523 *
if (*heap_first*(&hentry,
hlist.th32ProcessID,
hlist.th32HeapID))
Jason
On Thu, Oct 5, 2017 at 11:59 AM, Michael Wojcik <
michael.woj...@microfocus.com> wrote:
> As I speculated, it appears you're hanging in random-number generation,
> probably due to a blocking CPRNG that can't get the entropy it needs.
>
>
>
> This is an operating-system issue, and needs to be referred to your OS
> administrator.
>
>
>
> Michael Wojcik
> Distinguished Engineer, Micro Focus
>
>
>
>
>
>
>
> *From:* Jason Qian [mailto:jq...@tibco.com]
> *Sent:* Thursday, October 05, 2017 08:44
> *To:* Michael Wojcik
> *Cc:* openssl-users@openssl.org
> *Subject:* Re: [openssl-users] DH_generate_key Hangs
>
>
>
>
>
> Here is the stack trace :
>
>
>
> libeay32.dll!RAND_poll Normal
>
> [External Code]
>
>
>
> libeay32.dll!RAND_poll() Line 523
>
> libeay32.dll!ssleay_rand_bytes(unsigned char * buf, int num, int pseudo)
> Line 395
>
> libeay32.dll!ssleay_rand_nopseudo_bytes(unsigned char * buf, int num)
> Line 536
>
>
>
>
>
> Thanks
>
> Jason
>
>
>
>
>
>
>
> On Wed, Sep 27, 2017 at 2:02 PM, Michael Wojcik <
> michael.woj...@microfocus.com> wrote:
>
> > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On
> Behalf Of Jason Qian via openssl-users
> > Sent: Wednesday, September 27, 2017 07:00
> > To: openssl-users@openssl.org
> > Subject: [openssl-users] DH_generate_key Hangs
>
> > Need some help, one of our application that hangs when calling
> > DH_generate_key (openssl-0.9.8y). This occurs randomly under loaded
> condition.
> > Not sure, if anyone know this issue ?
>
> The issue is running OpenSSL 0.9.8, which has not been supported since
> 2015.
>
> DH_generate_key can use an engine (at least in supported versions of
> OpenSSL - I no longer have any 0.9.8 code around to check), so we really
> can't say what it might be doing in your application. But if it's using the
> default OpenSSL implementation, then if your DH parameters don't already
> include a private key, you'll end up generating random numbers. That can
> hang, if OpenSSL is using a blocking CPRNG source such as /dev/random.
>
> But you haven't provided nearly enough information to do more than
> speculate.
>
> What you need to do:
>
> 1. Upgrade to OpenSSL 1.0.2 (or possibly 1.1.0, but that has API changes
> and isn't an LTS release). There's really no point in proceeding unless you
> do so. Your application is broken if it's using 0.9.8.
>
> 2. If the problem still occurs, debug a hanging instance and find out
> where *exactly* it's hung.
>
> --
> Michael Wojcik
> Distinguished Engineer, Micro Focus
>
>
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
