
This queue is for tickets about the Net-SSLeay CPAN distribution.

Report information
The Basics
Id: 70713
Status: resolved
Worked: 20 min
Priority: 0/
Queue: Net-SSLeay

People
Owner: MIKEM [...] cpan.org
Requestors: dolmen [...] cpan.org
Cc: kmx [...] cpan.org
AdminCc:

Bug Information
Severity: Important
Broken in: 1.36
Fixed in: (no value)



Subject: Win32 random number generator exists!
At install time on Win32, Net::SSLeay complains about not finding a random number generator.

However such a random number generator exists in the Win32 crypto API:
http://en.wikipedia.org/wiki/CryptGenRandom

--
Olivier Mengué - https://metacpan.org/author/dolmen https://github.com/dolmen/

Hello,

Can you provide the error messages you see and the commands needed to reproduce this?

Cheers

On Sun Sep 04 05:22:23 2011, DOLMEN wrote:
> At install time on Win32, Net::SSLeay complains about not finding a
> random number generator.
>
> However such a random number generator exists in the Win32 crypto API:

Hi again,

if you can send a patch to fix this issue, I will be happy to incorporate it.

Cheers.

On Thu Sep 08 04:08:52 2011, MIKEM wrote:
> Hello,
>
> Can you provide the error messages you see and the commands needed to
> reproduce this?
>
> Cheers
>
> On Sun Sep 04 05:22:23 2011, DOLMEN wrote:
> > At install time on Win32, Net::SSLeay complains about not finding a
> > random number generator.
> >
> > However such a random number generator exists in the Win32 crypto API:

> On Thu Sep 08 04:08:52 2011, MIKEM wrote:
> > Hello,
> >
> > Can you provide the error messages you see and the commands needed to
> > reproduce this?
> >
> > Cheers

The message appears when installing IO::Socket::SSL:

=====================================================================
CPAN.pm: Going to build S/SU/SULLR/IO-Socket-SSL-1.49.tar.gz

CPAN: CPAN::Reporter loaded ok (v1.1902)
Net::SSLeay could not find a random number generator on
your system. This will likely cause most of the tests
to fail. Please see the README file for more information.
the message from Net::SSLeay was: Random number generator not seeded!!! at blib\
lib\Net\SSLeay.pm (autosplit into blib\lib\auto\Net\SSLeay\randomize.al) line 21
89.

Do you REALLY want to continue? [Default: no]
==============================================================

This is StrawberryPerl 5.12.1, openssl 0.9.8l, Net::SSLeay 1.42.

--
Olivier Mengué - http://perlresume.org/DOLMEN

Hello,

thanks for your reply.

Can you please run this command from a command shell on the affected Windows host:

perl -MNet::SSLeay -e Net::SSLeay::randomize

and send me the results printed out (if any)

Cheers.

On Thu Nov 03 19:55:54 2011, DOLMEN wrote:
> > On Thu Sep 08 04:08:52 2011, MIKEM wrote:
> > > Hello,
> > >
> > > Can you provide the error messages you see and the commands needed to
> > > reproduce this?
> > >
> > > Cheers
>
> The message appears when installing IO::Socket::SSL:
>
> =====================================================================
> CPAN.pm: Going to build S/SU/SULLR/IO-Socket-SSL-1.49.tar.gz
>
> CPAN: CPAN::Reporter loaded ok (v1.1902)
> Net::SSLeay could not find a random number generator on
> your system. This will likely cause most of the tests
> to fail. Please see the README file for more information.
> the message from Net::SSLeay was: Random number generator not seeded!!! at blib\
> lib\Net\SSLeay.pm (autosplit into blib\lib\auto\Net\SSLeay\randomize.al) line 21
> 89.
>
> Do you REALLY want to continue? [Default: no]
> ==============================================================
>
> This is StrawberryPerl 5.12.1, openssl 0.9.8l, Net::SSLeay 1.42.

Hi,

here is a sample code how to get 4096 random bytes from Win32 system random generator

#include <windows.h>
#include <wincrypt.h>

void
SSL_win32_CryptGenRandom()
        PREINIT:
        HCRYPTPROV hCryptProv = (HCRYPTPROV)NULL;
        BYTE pbData[4096];
        int datasize = 0;
        CODE:
        /* CRYPT_VERIFYCONTEXT: no persistent key container is needed just to get random bytes */
        if(CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
          if(CryptGenRandom(hCryptProv, sizeof(pbData), pbData)) {
            datasize = sizeof(pbData);
          }
          CryptReleaseContext(hCryptProv,0);
        }
        ST(0) = sv_newmortal(); /* undef to start with */
        if (datasize > 0) /* stay undef unless CryptGenRandom succeeded */
          sv_setpvn(ST(0), (char *)pbData, datasize);


The question is what is the best way to incorporate it into Net::SSLeay

--
kmx
Subject: Re: [rt.cpan.org #70713] Win32 random number generator exists!
Date: Tue, 31 Jan 2012 10:25:16 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] open.com.au>

Hello,

On Monday, January 30, 2012 08:34:48 AM you wrote:
> Queue: Net-SSLeay
> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=70713 >
>
> Hi,
>
> here is a sample code how to get 4096 random bytes from Win32 system random
> generator
>
> #include <windows.h>
> #include <wincrypt.h>
>
> void
> SSL_win32_CryptGenRandom()
>         PREINIT:
>         HCRYPTPROV hCryptProv = (HCRYPTPROV)NULL;
>         BYTE pbData[4096];
>         int datasize = 0;
>         CODE:
>         /* CRYPT_VERIFYCONTEXT: no persistent key container is needed just to get random bytes */
>         if(CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
>           if(CryptGenRandom(hCryptProv, sizeof(pbData), pbData)) {
>             datasize = sizeof(pbData);
>           }
>           CryptReleaseContext(hCryptProv,0);
>         }
>         ST(0) = sv_newmortal(); /* undef to start with */
>         if (datasize > 0) /* stay undef unless CryptGenRandom succeeded */
>           sv_setpvn(ST(0), (char *)pbData, datasize);
>
>
> The question is what is the best way to incorporate it into Net::SSLeay

this should be built in to openssl not net-ssleay, and indeed on checking it
appears to be present in crypto/rand/rand_win.c in openssl 1.0.0, 0.9.8a etc.

Cheers.

> --
> kmx

--
Mike McCauley mikem@open.com.au
Open System Consultants Pty. Ltd
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.

CC: dolmen [...] cpan.org
Subject: Re: [rt.cpan.org #70713] Win32 random number generator exists!
Date: Tue, 31 Jan 2012 09:37:13 +0100
To: bug-Net-SSLeay [...] rt.cpan.org
From: kmx <kmx [...] volny.cz>

> this should be built in to openssl not net-ssleay, and indeed on checking it
> appears to be present in crypto/rand/rand_win.c in openssl 1.0.0, 0.9.8a etc.

OK, I agree.

In that case the question is whether on MS Windows the function Net::SSLeay::randomize() has to throw a warning:

"Random number generator not seeded!!!"

if we can simply collect some reasonable entropy from MS Win OS by calling Net::SSLeay::RAND_poll()

--
kmx

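Added example, not part of the ticket and not Net::SSLeay's own code: one way to make the decision discussed above, polling the OS for entropy and then judging by the PRNG's state instead of warning unconditionally. The helper names ensure_seeded and random_bytes are hypothetical, and the sketch assumes a Net::SSLeay build that exposes RAND_status, RAND_poll and RAND_bytes.

```perl
use strict;
use warnings;
use Net::SSLeay;

# Hypothetical helper: make sure OpenSSL's PRNG is seeded, or die.
# Returns a short description of how the seeded state was reached.
sub ensure_seeded {
    # RAND_status() returns 1 once the PRNG holds enough seed data.
    return 'already seeded' if Net::SSLeay::RAND_status();

    # Ask OpenSSL to collect entropy from the operating system
    # (on Windows this is the code in crypto/rand/rand_win.c).
    Net::SSLeay::RAND_poll();

    # Decide on the PRNG's resulting state, not on the poll's return value.
    return 'seeded by RAND_poll' if Net::SSLeay::RAND_status();

    # Fail closed: an unseeded PRNG must not be used for keys or nonces.
    die "OpenSSL PRNG is not seeded; refusing to generate random data\n";
}

# Hypothetical helper: return $count random bytes, or die.
sub random_bytes {
    my ($count) = @_;
    ensure_seeded();

    my $buf = '';
    # RAND_bytes() fills $buf and returns 1 on success.
    Net::SSLeay::RAND_bytes($buf, $count) == 1
        or die "RAND_bytes failed\n";
    return $buf;
}

my $state = ensure_seeded();
my $nonce = random_bytes(16);
printf "%s; 16-byte nonce: %s\n", $state, unpack('H*', $nonce);
```
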
Subject: Re: [rt.cpan.org #70713] Win32 random number generator exists!
Date: Wed, 01 Feb 2012 08:54:21 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] open.com.au>

Hmm, looks to me like openssl by default calls RAND_poll automatically.

So perhaps Net::SSLeay should not be warning about no seeding at all?

Views.

Cheers.

On Tuesday, January 31, 2012 03:37:24 AM you wrote:
> Queue: Net-SSLeay
> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=70713 >
>
> > this should be built in to openssl not net-ssleay, and indeed on checking
> > it appears to be present in crypto/rand/rand_win.c in openssl 1.0.0, 0.9.8a
> > etc.
>
> OK, I agree. In that case the question is whether on MS Windows the
> function Net::SSLeay::randomize() has to throw a warning:
>
> "Random number generator not seeded!!!"
>
> if we can simply collect some reasonable entropy from MS Win OS by
> calling Net::SSLeay::RAND_poll()
>
> --
> kmx

> looks to me like openssl by default calls RAND_poll automatically.

I think we should do something like this:

- warn "Random number generator not seeded!!!" if $trace;
+ my $poll_retval = Net::SSLeay::RAND_poll();
+ warn "Random number generator not seeded!!!" if $trace && !$poll_retval;
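
Review bot: on the last + line the warning depends on the return value of RAND_poll(), whose meaning the post itself gives only as "AFAIK". What the message reports is whether the PRNG is seeded, and Net::SSLeay::RAND_status() answers that directly, so consider calling RAND_poll() and then testing !Net::SSLeay::RAND_status() instead of !$poll_retval. The warning also stays gated on $trace, so an unseeded PRNG passes silently when tracing is off; if that is intended, a comment next to the warn should say so.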

(AFAIK return value 0 means that RAND_poll was not able to collect enough entropy)

--
kmx
Subject: Re: [rt.cpan.org #70713] Win32 random number generator exists!
Date: Sat, 04 Feb 2012 08:06:17 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] open.com.au>

Hi,

On Friday, February 03, 2012 12:01:04 PM you wrote:
> Queue: Net-SSLeay
> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=70713 >
>
> > looks to me like openssl by default calls RAND_poll automatically.
> > I thing we should do something like this: > > - warn "Random number generator not seeded!!!" if $trace; > + my $poll_retval = Net::SSLeay::RAND_poll(); > + warn "Random number generator not seeded!!!" if $trace && !$poll_retval; > > (AFAIK return value 0 means that RAND_poll was not able to collect enough > entropy)

Yes, I think that's OK.

Cheers.

> --
> kmx

Subject: Re: [rt.cpan.org #70713] Win32 random number generator exists!
Date: Thu, 09 Feb 2012 09:01:59 +0100
To: bug-Net-SSLeay [...] rt.cpan.org
From: kmx <kmx [...] volny.cz>

> Yes, I think that's OK.

Here comes a patch.

--
kmx

Message body is not shown because sender requested not to inline it.

Subject: Re: [rt.cpan.org #70713] Win32 random number generator exists!
Date: Thu, 09 Feb 2012 19:51:22 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] open.com.au>

Hi,

Thanks. Now in 297

On Thursday, February 09, 2012 03:02:11 AM you wrote:
> Queue: Net-SSLeay
> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=70713 >
>
> > Yes, I think that's OK.
>
> Here comes a patch.
>
> --
> kmx