| Summary: | openssl dhparam hangs when using /dev/random as entropy source | ||
|---|---|---|---|
| Product: | Base System | Reporter: | clemens fischer <ino-waiting> |
| Component: | bin | Assignee: | Kris Kennaway <kris> |
| Status: | Closed FIXED | ||
| Severity: | Affects Only Me | ||
| Priority: | Normal | ||
| Version: | 4.3-RELEASE | ||
| Hardware: | Any | ||
| OS: | Any | ||
Description
clemens fischer
2001-12-10 17:30:00 UTC
Responsible Changed From-To: freebsd-bugs->kris
Over to the openssl maintainer.

On Mon, Dec 10, 2001 at 06:23:32PM +0100, clemensF wrote:
> using /dev/random to seed openssl in this particular application will
> always make openssl chew up CPU up to 99%, and it will run producing no
> output until interrupted forcibly.
/dev/random is a very low-output device which only produces output
when there is entropy available to the kernel. It's entirely expected
that openssl dhparam would take an extremely long time to run if
you're using this device; that's why /dev/urandom is the default
entropy source. I expect if you left it run long enough it would
actually finish, it just might take quite a while, especially if you
don't have many entropy sources defined via rndcontrol.
Kris
State Changed From-To: open->analyzed
I believe this is expected behaviour due to the low output rate of the /dev/random device in 4.x

> Kris Kennaway:
> /dev/random is a very low-output device which only produces output
> when there is entropy available to the kernel. It's entirely expected
> that openssl dhparam would take an extremely long time to run if
yes, that makes sense. i'm wondering though, why openssl doesn't just sit
and wait until more entropy becomes available. isn't it funny that it
idles taking so much CPU?
> you're using this device; that's why /dev/urandom is the default
> entropy source. I expect if you left it run long enough it would
> actually finish, it just might take quite a while, especially if you
> don't have many entropy sources defined via rndcontrol.
which interrupts can be used safely for gathering entropy? i had massive
problems when experimenting with the entropy sources culminating in an
unusable system.
clemens fischer

On Sat, Jan 05, 2002 at 02:48:15PM +0100, clemensF wrote:
> > Kris Kennaway:
> >
> > /dev/random is a very low-output device which only produces output
> > when there is entropy available to the kernel. It's entirely expected
> > that openssl dhparam would take an extremely long time to run if
>
> yes, that makes sense. i'm wondering though, why openssl doesn't just sit
> and wait until more entropy becomes available. isn't it funny that it
> idles taking so much CPU?
Yes, I suppose it is - that's something you should take up with the
OpenSSL developers.
> > you're using this device; that's why /dev/urandom is the default
> > entropy source. I expect if you left it run long enough it would
> > actually finish, it just might take quite a while, especially if you
> > don't have many entropy sources defined via rndcontrol.
>
> which interrupts can be used safely for gathering entropy? i had massive
> problems when experimenting with the entropy sources culminating in an
> unusable system.
Well, just don't use things like rtc or clk which have really high rates
and you should be fine...
Kris

State Changed From-To: analyzed->closed
Issue was determined to be the expected behaviour, although the performance of OpenSSL could possibly be improved in this case.
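The question raised in the thread, why a reader of a slow entropy source burns CPU instead of sleeping, shown as an added example that is not part of the original report and is not OpenSSL code. It assumes the source is read in non-blocking fashion (the thread does not say how openssl reads the device); the pipe-backed `slow_source` and `gather` are hypothetical names, and the pipe is a constructed stand-in for the device.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed stand-in for a low-output entropy device: a child process
 * trickles `total` bytes into a non-blocking pipe, one every 20 ms. */
static int slow_source(size_t total, pid_t *pid) {
    int p[2];
    if (pipe(p) != 0) return -1;
    if ((*pid = fork()) == 0) {
        close(p[0]);
        for (size_t i = 0; i < total; i++) {
            poll(NULL, 0, 20);               /* portable 20 ms sleep */
            if (write(p[1], "x", 1) != 1) _exit(1);
        }
        _exit(0);
    }
    close(p[1]);
    fcntl(p[0], F_SETFL, O_NONBLOCK);
    return p[0];
}

/* Collect `want` bytes. use_poll=0 retries read() immediately (busy loop);
 * use_poll=1 sleeps in poll() first. Returns the empty read() count, or -1. */
long gather(size_t want, int use_poll) {
    pid_t pid; unsigned char buf[64];
    size_t got = 0; long wasted = 0;
    int fd = slow_source(want, &pid);
    if (fd < 0) return -1;
    while (got < want) {
        struct pollfd pfd = { .fd = fd, .events = POLLIN };
        if (use_poll && poll(&pfd, 1, -1) < 0 && errno != EINTR) break;
        size_t room = want - got < sizeof buf ? want - got : sizeof buf;
        ssize_t n = read(fd, buf, room);
        if (n > 0) got += (size_t)n;
        else if (n < 0 && (errno == EAGAIN || errno == EINTR)) wasted++;
        else break;                          /* EOF or a real error */
    }
    close(fd);
    waitpid(pid, NULL, 0);
    return got == want ? wasted : -1;
}
int main(void) {
    printf("busy loop: %ld empty reads, poll: %ld\n", gather(5, 0), gather(5, 1));
    return 0;
}
```

Both modes take the same wall-clock time to collect the bytes; only the busy loop spends that time issuing reads that return nothing.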