You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi,
I am running openssl in CA application and do the test on QEMU default environment (QEMU v7). Version of optee used is 3.6.0.
When my CA application invokes SSL_CTX_new( ), it hangs at RAND_bytes( ), analysing the call stack revealed that syscall to getentropy( ) function at UNIX blocked. Callstack as below:
3004 if ((RAND_bytes(ret->ext.tick_key_name,
(gdb)
^C
Program received signal SIGINT, Interrupt.
__libc_do_syscall () at ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S:46
46 swi 0x0
(gdb) bt
#0 _libc_do_syscall () at ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S:46 #1 0x76b4abe6 in getentropy (buffer=0x3a778, length=) at ../sysdeps/unix/sysv/linux/getentropy.c:45 #2 0x76e1dec8 in syscall_random (buf=0x3a778, buflen=32) at crypto/rand/rand_unix.c:324 #3 0x76e1e5d4 in rand_pool_acquire_entropy (pool=0x3a750) at crypto/rand/rand_unix.c:589 #4 0x76e1c590 in rand_drbg_get_entropy (drbg=0x3a508, pout=0x7efffb44, entropy=256, min_len=32, max_len=2147483647, prediction_resistance=0) at crypto/rand/rand_lib.c:198 #5 0x76e1a964 in RAND_DRBG_instantiate (drbg=0x3a508, pers=0x76eef35c <ossl_pers_string> "OpenSSL NIST SP 800-90A DRBG", perslen=28) at crypto/rand/drbg_lib.c:338 #6 0x76e1bbac in drbg_setup (parent=0x0) at crypto/rand/drbg_lib.c:895 #7 0x76e1bc80 in do_rand_drbg_init () at crypto/rand/drbg_lib.c:924 #8 0x76e1bbe8 in do_rand_drbg_init_ossl () at crypto/rand/drbg_lib.c:909 #9 0x76c5988e in pthread_once_slow (once_control=0x76f26f8c <rand_drbg_init>, init_routine=0x76e1bbdc <do_rand_drbg_init_ossl>) at pthread_once.c:116 #10 0x76e63370 in CRYPTO_THREAD_run_once (once=0x76f26f8c <rand_drbg_init>, init=0x76e1bbdc <do_rand_drbg_init_ossl>) at crypto/threads_pthread.c:118 #11 0x76e1c164 in RAND_DRBG_get0_public () at crypto/rand/drbg_lib.c:1116 #12 0x76e1be18 in drbg_bytes (out=0x39e38 "", count=16) at crypto/rand/drbg_lib.c:966 #13 0x76e1ddb4 in RAND_bytes (buf=0x39e38 "", num=16) at crypto/rand/rand_lib.c:938 #14 0x76f687c8 in SSL_CTX_new (meth=0x76fcfef0 <TLS_server_method_data.26172>) at ssl/ssl_lib.c:3004 #15 0x00012878 in server_create_context () at test/src/vpp_openssl_adpt_server.c:75 #16 0x00012b64 in tls12_server () at test/src/vpp_openssl_adpt_server.c:169 #17 0x00012ccc in main () at test/src/vpp_openssl_adpt_server.c:215
The text was updated successfully, but these errors were encountered:
It looks like the guest doesn't have enough entropy. Please try enabling the VirtIORNG device, see here: https://wiki.qemu.org/Features/VirtIORNG
(Note: there is a QEMU parameter plus a command in the guest)
Hi,
I am running openssl in CA application and do the test on QEMU default environment (QEMU v7). Version of optee used is 3.6.0.
When my CA application invokes SSL_CTX_new( ), it hangs at RAND_bytes( ), analysing the call stack revealed that syscall to getentropy( ) function at UNIX blocked. Callstack as below:
3004 if ((RAND_bytes(ret->ext.tick_key_name,
(gdb)
^C
Program received signal SIGINT, Interrupt.
__libc_do_syscall () at ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S:46
46 swi 0x0
(gdb) bt
#0 _libc_do_syscall () at ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S:46
#1 0x76b4abe6 in getentropy (buffer=0x3a778, length=) at ../sysdeps/unix/sysv/linux/getentropy.c:45
#2 0x76e1dec8 in syscall_random (buf=0x3a778, buflen=32) at crypto/rand/rand_unix.c:324
#3 0x76e1e5d4 in rand_pool_acquire_entropy (pool=0x3a750) at crypto/rand/rand_unix.c:589
#4 0x76e1c590 in rand_drbg_get_entropy (drbg=0x3a508, pout=0x7efffb44, entropy=256, min_len=32, max_len=2147483647, prediction_resistance=0) at crypto/rand/rand_lib.c:198
#5 0x76e1a964 in RAND_DRBG_instantiate (drbg=0x3a508, pers=0x76eef35c <ossl_pers_string> "OpenSSL NIST SP 800-90A DRBG", perslen=28) at crypto/rand/drbg_lib.c:338
#6 0x76e1bbac in drbg_setup (parent=0x0) at crypto/rand/drbg_lib.c:895
#7 0x76e1bc80 in do_rand_drbg_init () at crypto/rand/drbg_lib.c:924
#8 0x76e1bbe8 in do_rand_drbg_init_ossl () at crypto/rand/drbg_lib.c:909
#9 0x76c5988e in pthread_once_slow (once_control=0x76f26f8c <rand_drbg_init>, init_routine=0x76e1bbdc <do_rand_drbg_init_ossl>) at pthread_once.c:116
#10 0x76e63370 in CRYPTO_THREAD_run_once (once=0x76f26f8c <rand_drbg_init>, init=0x76e1bbdc <do_rand_drbg_init_ossl>) at crypto/threads_pthread.c:118
#11 0x76e1c164 in RAND_DRBG_get0_public () at crypto/rand/drbg_lib.c:1116
#12 0x76e1be18 in drbg_bytes (out=0x39e38 "", count=16) at crypto/rand/drbg_lib.c:966
#13 0x76e1ddb4 in RAND_bytes (buf=0x39e38 "", num=16) at crypto/rand/rand_lib.c:938
#14 0x76f687c8 in SSL_CTX_new (meth=0x76fcfef0 <TLS_server_method_data.26172>) at ssl/ssl_lib.c:3004
#15 0x00012878 in server_create_context () at test/src/vpp_openssl_adpt_server.c:75
#16 0x00012b64 in tls12_server () at test/src/vpp_openssl_adpt_server.c:169
#17 0x00012ccc in main () at test/src/vpp_openssl_adpt_server.c:215
The text was updated successfully, but these errors were encountered: