Thanks Jeff, The challenge is that, we are not directly calling RAND_poll(). We just call *DH_generate_key* for DH key. >From the following call stacks, you can see the RAND_poll() is triggered by ssleay_rand_bytes.
libeay32d.dll!*RAND_poll*() Line 572 C libeay32d.dll!ssleay_rand_bytes(unsigned char * buf=0x03318fe0, int num=128, int pseudo=0) Line 395 C libeay32d.dll!ssleay_rand_nopseudo_bytes(unsigned char * buf=0x03318fe0, int num=128) Line 536 + 0xf bytes C libeay32d.dll!RAND_bytes(unsigned char * buf=0x03318fe0, int num=128) Line 164 + 0x10 bytes C libeay32d.dll!bnrand(int pseudorand=0, bignum_st * rnd=0x03318518, int bits=1023, int top=0, int bottom=0) Line 152 + 0xd bytes C > libeay32d.dll!BN_rand(bignum_st * rnd=0x03318518, int bits=1023, int top=0, int bottom=0) Line 213 + 0x17 bytes C libeay32d.dll!generate_key(dh_st * dh=0x03316a88) Line 170 + 0x11 bytes C libeay32d.dll!*DH_generate_key*(dh_st * dh=0x03316a88) Line 84 + 0xf bytes C Jason On Thu, Oct 5, 2017 at 7:52 PM, Jeffrey Walton <noloa...@gmail.com> wrote: > >> You should avoid calls to RAND_poll altogether on Windows. Do so by > >> explicitly seeding the random number generator yourself. > > > > As a starting point, try something like this: > > > > ----- > > static ENGINE *rdrand; > > > > void init_prng(void) { > > /* Try to seed the PRNG with the Intel RDRAND on-chip PRNG */ > > OPENSSL_cpuid_setup(); > > ENGINE_load_rdrand(); > > rdrand = ENGINE_by_id("rdrand"); > > if (rdrand) { > > int success = 0; > > if (ENGINE_init(rdrand)) { > > success = ENGINE_set_default(rdrand, ENGINE_METHOD_RAND); > > } > > > > /*** > > Per OpenSSL wiki, call ENGINE_free here regardless of whether > we're > > successfully using rdrand. The "functional reference" to rdrand > will > > be released when we call ENGINE_finish. > > ***/ > > ENGINE_free(rdrand); > > if (! success) ENGINE_finish(rdrand), rdrand = NULL; > > } > > > > if (!rdrand && !RAND_status()){ > > RAND_screen(); /* this isn't really emough entropy, but it's a > start */ > > if (!RAND_status()) { > > RAND_poll(); /* try to gather additional entropy */ > > } > > } > > } > > > > void terminate_engines(void) { > > if (rdrand) ENGINE_finish(rdrand), rdrand = NULL; > > /* similarly for any other engines you use */ > > ENGINE_cleanup(); > > } > > ----- > > > > Call init_prng after your OpenSSL initialization code (e.g. after > calling OpenSSL_add_all_algorithms), and terminate_engines when you're done > using OpenSSL (e.g. just before process exit). > > > > Note that this code uses RAND_screen if RDRAND isn't available. > RAND_screen is really not a very good idea; it may be OK on workstations, > but rarely provides much entropy on servers because they typically aren't > doing much screen output. And if you still need entropy after the > RAND_screen call, you'll end up in RAND_poll anyway. The alternative is to > write your own code that harvests entropy from some source (or sources). > > > > Other people may have better suggestions. > > Headless servers without hw entropy sources are tough. In this case I > use hedging. I've got some patches somewhere for 1.0.1, but they won't > apply to 0.9.8. > > Also see: > > * When Good Randomness Goes Bad: Virtual Machine Reset Vulnerabilities > and Hedging Deployed Cryptography, > http://pages.cs.wisc.edu/~rist/papers/sslhedge.pdf > * When Virtual is Harder than Real: Security Challenges in Virtual > Machine Based Computing Environments, > http://www.usenix.org/legacy/event/hotos05/final_papers/ > full_papers/garfinkel/garfinkel.pdf > > Jeff >
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users