Thank You Paul and Matthias for your help.

The reason I am trying to have separate RAND_METHOD for two threads is, the 
first thread which runs DNS bind code registers for RAND_METHOD through dnssec 
module in it. It registers via either ENGINE_set_default_RAND() or 
RAND_set_rand_method() based on OPENSSL_NO_ENGINE is defined or not. But 
problem is, under some circumstances the random number generator enters into 
blocking mode and starts to wait for some events on some FDs and it blocks in 
select() system call. dst__entropy_getdata()  from bind code is doing this. I 
am not sure under what cases it enters into blocking mode.

So If I use this RND_METHOD in second thread (basically this thread does 
different task of handling DoT, Dns Over TLS, connections, which is not related 
to first thread wrt SSL functionalities), then while creating SSL_CTX this 
thread gets stuck in select() system call randomly (happens very rarely as 
decided by dst__entropy_getdata()); this can happen at any time of SSL 
connection lifetime whenever it wants to get random data.

I agree with you that we should have done this as separate process instead of 
new thread; but I am trying figure out if I can somehow avoid this situation.

As you mentioned, I tried to look into implementation of RAND_bytes() and 
drbg_bytes().

When SSL_CTX_new() calls RAND_bytes(), it calls RAND_get_rand_method() which 
returns RAND_METHOD set by bind thread. So if I avoid configuring RAND_METHOD 
in bind thread, then RAND_get_rand_method() will return rand_meth which is 
OpenSSL default RAND_METHOD; but if I do this change bind thread will move away 
from its RAND_METHOD functions and start using OpenSSL default functions which 
may change its behaviour.

So I am still confused how can I do bind thread to use its own RAND_METHOD and 
DoT thread to use default OpenSSL RAND_METHOD. It would be really helpful if 
you can explain this with little more details (are there any APIs I can call 
from one thread to use its specific RAND_METHOD but other threads continue to 
use OpenSSL default RAND_METHOD?).

Thank You,
Vishwanath M



From: 
openssl-users-requ...@openssl.org<mailto:openssl-users-requ...@openssl.org>
Sent: 02 April 2021 04:58 PM
To: openssl-users@openssl.org<mailto:openssl-users@openssl.org>
Subject: openssl-users Digest, Vol 77, Issue 4

Send openssl-users mailing list submissions to
        openssl-users@openssl.org

To subscribe or unsubscribe via the World Wide Web, visit
        https://mta.openssl.org/mailman/listinfo/openssl-users
or, via email, send a message with subject or body 'help' to
        openssl-users-requ...@openssl.org

You can reach the person managing the list at
        openssl-users-ow...@openssl.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of openssl-users digest..."


Today's Topics:

   1. Re: Regarding RAND_set_rand_method (Dr Paul Dale)
   2. RE: Regarding RAND_set_rand_method (Dr. Matthias St. Pierre)


----------------------------------------------------------------------

Message: 1
Date: Fri, 2 Apr 2021 16:51:28 +1000
From: Dr Paul Dale <pa...@openssl.org>
To: openssl-users@openssl.org
Subject: Re: Regarding RAND_set_rand_method
Message-ID: <1781ab4c-2e2b-fa3b-8b3c-fb4fc5bd3...@openssl.org>
Content-Type: text/plain; charset="windows-1252"; Format="flowed"

There isn't an easy a way to do what you want in 1.1.1.
RAND_set_rand_method replaces the RNG for all of OpenSSL.? In theory
your RAND_METHOD could detect which thread it is running in and do
different things for each.? I'm not sure this is a good idea however.

Why aren't the random number from your first thread good enough for the
second?? Good random numbers are just that - random.? It should be
impossible to distinguish the two streams.

In OpenSSL 3.0 there are ways to achieve what you're wanting.


Pauli

On 2/4/21 4:24 pm, Vishwanath Mahajanshetty wrote:
>
> Hi,
>
> I have some doubts/questions on how to use methods (for ex:
> RAND_set_rand_method) in multi threaded application which use OpenSSL.
> In my application (running on OpenSSL 1.1.1d) there are two threads
> which use OpenSSL, both threads perform very different operations. The
> issue I am facing is as below:
>
> Thread T1 calls RAND_set_rand_method() and sets RAND_METHOD structure.
> This is very specific to T1s use case. When thread T2 wants to create
> SSL_CTX it calls SSL_CTX_new() which then calls RAND_priv_bytes(). I
> am observing that the function RAND_priv_bytes() is calling the
> function set by T1 by RAND_METHOD in RAND_set_rand_method().
>
> Essentially RAND_METHOD function set by thread T1 are getting called
> by thread T2.
>
> *Q1: I want to know is there any way to avoid this problem? I want
> thread T2 to call default RAND methods and avoid calling methods set
> by thread T1. This is not only for RAND methods, but for any other
> methods.*
>
> **
>
> Q2: Also, is it possible to run OpenSSL as separate instance per
> thread (where each thread can do its own OpenSSL initialization) so
> that they can avoid above mentioned problem?
>
> Thank you,
>
> Vishwanath M
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: 
<https://mta.openssl.org/pipermail/openssl-users/attachments/20210402/58bcb71b/attachment-0001.html>

------------------------------

Message: 2
Date: Fri, 2 Apr 2021 11:27:53 +0000
From: "Dr. Matthias St. Pierre" <matthias.st.pie...@ncp-e.com>
To: Dr Paul Dale <pa...@openssl.org>, "openssl-users@openssl.org"
        <openssl-users@openssl.org>
Subject: RE: Regarding RAND_set_rand_method
Message-ID: <7056523443ae4f94bca32240c4f24...@ncp-e.com>
Content-Type: text/plain; charset="us-ascii"

Re Q1: I want to know is there any way to avoid this problem? I want thread T2 
to call default RAND methods and avoid calling methods set by thread T1. This 
is not only for RAND methods, but for any other methods.

First of all, I agree with Pauli: your first question should be, why do you 
need different random generators for different threads in the same application? 
Is this necessary, or are you overengineering?

Let me clarify some details about the RNG implemention in OpenSSL 1.1.1.: The 
RAND_METHOD interface itself is not thread aware. It is only the new default 
RAND_METHOD implementation (added in 1.1.1.) of OpenSSL (RAND_OpenSSL()), which 
supports thread local random generators. The implementation is based on 
deterministic random bit generators (DRBG) as described in NIST.SP.800-90Ar1. 
Wenn a thread calls RAND_bytes() (resp. RAND_priv_bytes()), the call is 
forwarded to the thread-specific DRBG instance. All per-thread instances reseed 
from a single global DRBG instance, which in turn reseeds from  from random 
sources provided by the operating system.

In your case, by replacing the RAND_METHOD, you are changing the complete RAND 
implementation for all threads. Moreover, you are completely responsible 
yourself for reseeding your RNG properly.

You could however implement a smarter RAND_METHOD which calls your specific RNG 
for T1 and delegates to the thread local DRBG (RAND_DRBG_get0_public() resp. 
RAND_DRBG_get0_private()) for all other threads. To get an idea how it can be 
done, take a look at the default implementation of RAND_bytes(),  drbg_bytes() 
in drbg_lib.c:

https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/crypto/rand/drbg_lib.c#L958-L970


Re Q2: Also, is it possible to run OpenSSL as separate instance per thread 
(where each thread can do its own OpenSSL initialization) so that they can 
avoid above mentioned problem?

No. If you really need something like that, you might want to consider 
splitting your two threads into two processes.

HTH,
Matthias



From: openssl-users <openssl-users-boun...@openssl.org> On Behalf Of Dr Paul 
Dale
Sent: Friday, April 2, 2021 8:51 AM
To: openssl-users@openssl.org
Subject: Re: Regarding RAND_set_rand_method

There isn't an easy a way to do what you want in 1.1.1.  RAND_set_rand_method 
replaces the RNG for all of OpenSSL.  In theory your RAND_METHOD could detect 
which thread it is running in and do different things for each.  I'm not sure 
this is a good idea however.

Why aren't the random number from your first thread good enough for the second? 
 Good random numbers are just that - random.  It should be impossible to 
distinguish the two streams.

In OpenSSL 3.0 there are ways to achieve what you're wanting.


Pauli
On 2/4/21 4:24 pm, Vishwanath Mahajanshetty wrote:
Hi,

I have some doubts/questions on how to use methods (for ex: 
RAND_set_rand_method) in multi threaded application which use OpenSSL. In my 
application (running on OpenSSL 1.1.1d) there are two threads which use 
OpenSSL, both threads perform very different operations. The issue I am facing 
is as below:

Thread T1 calls RAND_set_rand_method() and sets RAND_METHOD structure. This is 
very specific to T1s use case. When thread T2 wants to create SSL_CTX it calls 
SSL_CTX_new() which then calls RAND_priv_bytes(). I am observing that the 
function RAND_priv_bytes() is calling the function set by T1 by RAND_METHOD in 
RAND_set_rand_method().

Essentially RAND_METHOD function set by thread T1 are getting called by thread 
T2.

Q1: I want to know is there any way to avoid this problem? I want thread T2 to 
call default RAND methods and avoid calling methods set by thread T1. This is 
not only for RAND methods, but for any other methods.

Q2: Also, is it possible to run OpenSSL as separate instance per thread (where 
each thread can do its own OpenSSL initialization) so that they can avoid above 
mentioned problem?

Thank you,
Vishwanath M


-------------- next part --------------
An HTML attachment was scrubbed...
URL: 
<https://mta.openssl.org/pipermail/openssl-users/attachments/20210402/53153b3a/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 7494 bytes
Desc: not available
URL: 
<https://mta.openssl.org/pipermail/openssl-users/attachments/20210402/53153b3a/attachment.bin>

------------------------------

Subject: Digest Footer

_______________________________________________
openssl-users mailing list
openssl-users@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-users


------------------------------

End of openssl-users Digest, Vol 77, Issue 4
********************************************

Reply via email to