From owner-freebsd-bugs Mon Dec 10 9:30: 7 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 9CFB037B419 for ; Mon, 10 Dec 2001 09:30:00 -0800 (PST)
Received: (from gnats@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id fBAHU0795845; Mon, 10 Dec 2001 09:30:00 -0800 (PST) (envelope-from gnats)
Received: from mailout04.sul.t-online.de (mailout04.sul.t-online.com [194.25.134.18]) by hub.freebsd.org (Postfix) with ESMTP id DF32337B416 for ; Mon, 10 Dec 2001 09:23:45 -0800 (PST)
Received: from fwd01.sul.t-online.de by mailout04.sul.t-online.de with smtp id 16DU9Z-00088q-01; Mon, 10 Dec 2001 18:23:45 +0100
Received: from spotteswoode.dnsalias.org (520082050842-0001@[62.226.125.187]) by fmrl01.sul.t-online.com with smtp id 16DU9N-0eNiIiC; Mon, 10 Dec 2001 18:23:33 +0100
Received: (qmail 11119 invoked by uid 0); 10 Dec 2001 17:23:32 -0000
Message-Id: <20011210182332.V905@spotteswoode.dnsalias.org>
Date: 10 Dec 2001 18:23:32 +0100
From: "clemensF"
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.113
Subject: kern/32675: problem using /dev/random in openssl -rand
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

>Number: 32675
>Category: kern
>Synopsis: openssl dhparam hangs when using /dev/random as entropy source
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Dec 10 09:30:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator: clemens fischer
>Release: FreeBSD 4.3-RELEASE i386
>Organization:
>Environment:
System: FreeBSD spotteswoode.dnsalias.org 4.3-RELEASE FreeBSD 4.3-RELEASE #11: Sat Sep 1 00:49:59 CEST 2001 root@spotteswoode.yi.org:/usr/src/sys/compile/n1 i386
>Description:
i wanted to create a set of diffie-hellman parameters for later key generation using the following commands, and i wanted to seed openssl-0.9.6b's PRNG using /dev/[u]random:

    #openssl dhparam -outform PEM -out /l/ssl/pem/dh1024.pem -5 \
        -rand /dev/random:/dev/urandom 1024
    ^C
    #openssl dhparam -outform PEM -in /dev/null -out /l/ssl/pem/dh512.pem -2 \
        -rand /dev/urandom
    Killed

>How-To-Repeat:
using /dev/random to seed openssl in this particular application will always make openssl chew up CPU up to 99%, and it will run producing no output until interrupted forcibly.
>Fix:
there is a simple workaround: *not* using the "-rand /dev/random" option, e.g.:

    #openssl dhparam -outform PEM -in /dev/null -out /l/ssl/pem/dh512.pem -2
    warning, not much extra random data, consider using the -rand option
    Generating DH parameters, 512 bit long safe prime, generator 2
    This is going to take a long time
    ..........+.........................++*++*++*++*++*++*

then it always *works*!

clemens fischer
>Release-Note:
>Audit-Trail:
>Unformatted:
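
Added example, not part of the original PR and not OpenSSL or FreeBSD code: one way to keep a random device as the seed source without handing the device node itself to -rand. It assumes (the report does not state the cause) that each -rand entry is read until end-of-file, which a random device never signals; rand_list_devices and make_seed_file are hypothetical helper names.

```shell
#!/bin/sh
# Assumption (not confirmed by the PR): every -rand entry is read to EOF,
# so a character device such as /dev/random keeps the reader busy forever.

# rand_list_devices LIST
# Print each entry of a colon-separated -rand list that is a character
# device. Returns 0 if at least one such entry exists, 1 otherwise.
rand_list_devices() {
    list=$1
    found=1
    while [ -n "$list" ]; do
        entry=${list%%:*}
        case $list in
            *:*) list=${list#*:} ;;
            *)   list= ;;
        esac
        if [ -c "$entry" ]; then
            printf '%s\n' "$entry"
            found=0
        fi
    done
    return "$found"
}

# make_seed_file DEVICE NBYTES
# Copy exactly NBYTES from DEVICE into a fresh private file (mktemp creates
# it mode 0600) and print the path. The file has an EOF, the device does not.
make_seed_file() {
    dev=$1
    nbytes=$2
    [ -c "$dev" ] || { echo "not a character device: $dev" >&2; return 1; }
    seed=$(mktemp "${TMPDIR:-/tmp}/seed.XXXXXX") || return 1
    # bs=1 avoids short reads, so count is an exact byte count.
    dd if="$dev" of="$seed" bs=1 count="$nbytes" 2>/dev/null
    size=$(wc -c < "$seed" | tr -d ' ')
    if [ "$size" -ne "$nbytes" ]; then
        rm -f "$seed"
        return 1
    fi
    printf '%s\n' "$seed"
}

# Usage with the command line from the report (not executed here):
#   rand_list_devices /dev/random:/dev/urandom   # flags both entries
#   seed=$(make_seed_file /dev/urandom 64)
#   openssl dhparam -outform PEM -out dh1024.pem -5 -rand "$seed" 1024
#   rm -f "$seed"
```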