
This queue is for tickets about the Net-SSLeay CPAN distribution.

Report information
The Basics
Id: 70713
Status: resolved
Worked: 20 min
Priority: 0/
Queue: Net-SSLeay

People
Owner: MIKEM [...] cpan.org
Requestors: dolmen [...] cpan.org
Cc: kmx [...] cpan.org
AdminCc:

Bug Information
Severity: Important
Broken in: 1.36
Fixed in: (no value)



Subject: Win32 random number generator exists!
At install time on Win32, Net::SSLeay complains about not finding a random number generator.

However such a random number generator exists in the Win32 crypto API:
http://en.wikipedia.org/wiki/CryptGenRandom

--
Olivier Mengué - https://metacpan.org/author/dolmen https://github.com/dolmen/

Hello,

Can you provide the error messages you see and the commands needed to reproduce this?

Cheers

On Sun Sep 04 05:22:23 2011, DOLMEN wrote:
> At install time on Win32, Net::SSLeay complains about not finding a
> random number generator.
>
> However such a random number generator exists in the Win32 crypto API:

Hi again,

if you can send a patch to fix this issue, I will be happy to incorporate it.

Cheers.

On Thu Sep 08 04:08:52 2011, MIKEM wrote:
> Hello,
>
> Can you provide the error messages you see and the commands needed to
> reproduce this?
>
> Cheers
>
> On Sun Sep 04 05:22:23 2011, DOLMEN wrote:
> > At install time on Win32, Net::SSLeay complains about not finding a
> > random number generator.
> >
> > However such a random number generator exists in the Win32 crypto API:

> On Thu Sep 08 04:08:52 2011, MIKEM wrote:
> > Hello,
> >
> > Can you provide the error messages you see and the commands needed to
> > reproduce this?
> >
> > Cheers

The message appears when installing IO::Socket::SSL:

=====================================================================
CPAN.pm: Going to build S/SU/SULLR/IO-Socket-SSL-1.49.tar.gz

CPAN: CPAN::Reporter loaded ok (v1.1902)
Net::SSLeay could not find a random number generator on
your system. This will likely cause most of the tests
to fail. Please see the README file for more information.
the message from Net::SSLeay was: Random number generator not seeded!!! at blib\
lib\Net\SSLeay.pm (autosplit into blib\lib\auto\Net\SSLeay\randomize.al) line 21
89.

Do you REALLY want to continue? [Default: no]
==============================================================

This is StrawberryPerl 5.12.1, openssl 0.9.8l, Net::SSLeay 1.42.

--
Olivier Mengué - http://perlresume.org/DOLMEN

Hello,

thanks for your reply.

Can you please run this command from a command shell on the affected Windows host:

perl -MNet::SSLeay -e Net::SSLeay::randomize

and send me the results printed out (if any)

Cheers.

On Thu Nov 03 19:55:54 2011, DOLMEN wrote:
> > On Thu Sep 08 04:08:52 2011, MIKEM wrote:
> > > Hello,
> > >
> > > Can you provide the error messages you see and the commands needed to
> > > reproduce this?
> > >
> > > Cheers
>
> The message appears when installing IO::Socket::SSL:
>
> =====================================================================
> CPAN.pm: Going to build S/SU/SULLR/IO-Socket-SSL-1.49.tar.gz
>
> CPAN: CPAN::Reporter loaded ok (v1.1902)
> Net::SSLeay could not find a random number generator on
> your system. This will likely cause most of the tests
> to fail. Please see the README file for more information.
> the message from Net::SSLeay was: Random number generator not seeded!!! at blib\
> lib\Net\SSLeay.pm (autosplit into blib\lib\auto\Net\SSLeay\randomize.al) line 21
> 89.
>
> Do you REALLY want to continue? [Default: no]
> ==============================================================
>
> This is StrawberryPerl 5.12.1, openssl 0.9.8l, Net::SSLeay 1.42.

Hi,

here is a sample code how to get 4096 random bytes from Win32 system random generator

#include <windows.h>   /* base Windows types needed by wincrypt.h */
#include <wincrypt.h>

void
SSL_win32_CryptGenRandom()
        PREINIT:
        HCRYPTPROV hCryptProv = (HCRYPTPROV)NULL;
        BYTE pbData[4096];
        int datasize = 0;
        CODE:
        /* CRYPT_VERIFYCONTEXT: no persistent key container is needed to read random bytes */
        if(CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
          if(CryptGenRandom(hCryptProv, sizeof(pbData), pbData)) {
            datasize = sizeof(pbData);
          }
          CryptReleaseContext(hCryptProv,0);
        }
        ST(0) = sv_newmortal(); /* undef to start with */
        if (datasize > 0)       /* stays undef if either call failed */
          sv_setpvn(ST(0), (char *)pbData, datasize);


The question is what is the best way to incorporate it into Net::SSLeay

--
kmx
Subject: Re: [rt.cpan.org #70713] Win32 random number generator exists!
Date: Tue, 31 Jan 2012 10:25:16 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] open.com.au>
Hello,

On Monday, January 30, 2012 08:34:48 AM you wrote:
> Queue: Net-SSLeay
> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=70713 >
>
> Hi,
>
> here is a sample code how to get 4096 random bytes from Win32 system random
> generator
>
> #include <windows.h>   /* base Windows types needed by wincrypt.h */
> #include <wincrypt.h>
>
> void
> SSL_win32_CryptGenRandom()
>         PREINIT:
>         HCRYPTPROV hCryptProv = (HCRYPTPROV)NULL;
>         BYTE pbData[4096];
>         int datasize = 0;
>         CODE:
>         /* CRYPT_VERIFYCONTEXT: no persistent key container is needed to read random bytes */
>         if(CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL,
>                                CRYPT_VERIFYCONTEXT)) {
>           if(CryptGenRandom(hCryptProv, sizeof(pbData), pbData)) {
>             datasize = sizeof(pbData);
>           }
>           CryptReleaseContext(hCryptProv,0);
>         }
>         ST(0) = sv_newmortal(); /* undef to start with */
>         if (datasize > 0)       /* stays undef if either call failed */
>           sv_setpvn(ST(0), (char *)pbData, datasize);
>
>
> The question is what is the best way to incorporate it into Net::SSLeay

this should be built in to openssl, not net-ssleay, and indeed on checking it appears to be present in crypto/rand/rand_win.c in openssl 1.0.0, 0.9.8a etc.

Cheers.

>
> --
> kmx

--
Mike McCauley mikem@open.com.au
Open System Consultants Pty. Ltd
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.

CC: dolmen [...] cpan.org
Subject: Re: [rt.cpan.org #70713] Win32 random number generator exists!
Date: Tue, 31 Jan 2012 09:37:13 +0100
To: bug-Net-SSLeay [...] rt.cpan.org
From: kmx <kmx [...] volny.cz>
> this should be built in to openssl, not net-ssleay, and indeed on checking it
> appears to be present in crypto/rand/rand_win.c in openssl 1.0.0, 0.9.8a etc.

OK, I agree.

In that case the question is whether on MS Windows the function Net::SSLeay::randomize() has to throw a warning:

"Random number generator not seeded!!!"

if we can simply collect some reasonable entropy from MS Win OS by calling Net::SSLeay::RAND_poll()

--
kmx

Subject: Re: [rt.cpan.org #70713] Win32 random number generator exists!
Date: Wed, 01 Feb 2012 08:54:21 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] open.com.au>
Hmm,

looks to me like openssl by default calls RAND_poll automatically.
So perhaps Net::SSLeay should not be warning about no seeding at all?

Views.

Cheers.

On Tuesday, January 31, 2012 03:37:24 AM you wrote:
> Queue: Net-SSLeay
> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=70713 >
>
> > this should be built in to openssl, not net-ssleay, and indeed on checking
> > it appears to be present in crypto/rand/rand_win.c in openssl 1.0.0, 0.9.8a
> > etc.
>
> OK, I agree. In that case the question is whether on MS Windows the
> function Net::SSLeay::randomize() has to throw a warning:
>
> "Random number generator not seeded!!!"
>
> if we can simply collect some reasonable entropy from MS Win OS by
> calling Net::SSLeay::RAND_poll()
>
> --
> kmx

> looks to me like openssl by default calls RAND_poll automatically.

I think we should do something like this:

- warn "Random number generator not seeded!!!" if $trace;
+ my $poll_retval = Net::SSLeay::RAND_poll();
+ warn "Random number generator not seeded!!!" if $trace && !$poll_retval;
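
Review bot: the added `warn ... if $trace && !$poll_retval;` line still gates the warning on $trace, so with tracing off a failed RAND_poll() passes silently and the caller continues with a PRNG that may be unseeded. Consider returning $poll_retval from randomize() so callers can refuse to proceed. The return value of RAND_poll() also only reports on this one poll, while the message says the generator is "not seeded"; testing Net::SSLeay::RAND_status() after the poll would match the wording of the warning more closely.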

(AFAIK return value 0 means that RAND_poll was not able to collect enough entropy)

--
kmx
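
A small diagnostic for the question discussed above (is the PRNG really unseeded on this host, and does RAND_poll() change that), as an added example that is not part of the ticket or of Net::SSLeay itself. It assumes a Net::SSLeay build that exposes RAND_status, RAND_poll and RAND_bytes; check_prng_seeding is a hypothetical helper name.

```perl
#!/usr/bin/perl
# Added example (not from the ticket): report OpenSSL PRNG seeding state.
use strict;
use warnings;
use Net::SSLeay;

# Hypothetical helper: returns a hash ref describing the seeding state
# before and after an explicit RAND_poll().
sub check_prng_seeding {
    my %r;

    # OpenSSL may already have polled the OS by itself (as noted in the
    # thread), so this can be 1 without any explicit seeding.
    $r{seeded_before} = Net::SSLeay::RAND_status() ? 1 : 0;

    # Only poll when needed; 0 means the poll produced no seed data.
    $r{poll_ok} = Net::SSLeay::RAND_poll() ? 1 : 0
        unless $r{seeded_before};

    # RAND_status() is the authoritative "seeded enough?" answer.
    $r{seeded_after} = Net::SSLeay::RAND_status() ? 1 : 0;

    # Draw bytes only once the PRNG reports itself seeded.
    if ($r{seeded_after}) {
        my $buf;
        $r{bytes_ok}   = Net::SSLeay::RAND_bytes($buf, 16) ? 1 : 0;
        $r{sample_len} = defined $buf ? length($buf) : 0;
    }
    return \%r;
}

my $r = check_prng_seeding();
for my $k (sort keys %$r) {
    printf "%-14s %s\n", $k, $r->{$k};
}

# Fail loudly regardless of any trace setting: an unseeded PRNG is not
# something to continue past.
unless ($r->{seeded_after}) {
    warn "Random number generator not seeded!!!\n";
    exit 1;
}
exit 0;
```

A non-zero exit status means neither OpenSSL's own polling nor the explicit RAND_poll() seeded the generator on that host.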
Subject: Re: [rt.cpan.org #70713] Win32 random number generator exists!
Date: Sat, 04 Feb 2012 08:06:17 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] open.com.au>
Hi,

On Friday, February 03, 2012 12:01:04 PM you wrote:
> Queue: Net-SSLeay
> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=70713 >
>
> > looks to me like openssl by default calls RAND_poll automatically.
>
> I think we should do something like this:
>
> - warn "Random number generator not seeded!!!" if $trace;
> + my $poll_retval = Net::SSLeay::RAND_poll();
> + warn "Random number generator not seeded!!!" if $trace && !$poll_retval;
>
> (AFAIK return value 0 means that RAND_poll was not able to collect enough
> entropy)

Yes, I think that's OK.

Cheers.

>
> --
> kmx

Subject: Re: [rt.cpan.org #70713] Win32 random number generator exists!
Date: Thu, 09 Feb 2012 09:01:59 +0100
To: bug-Net-SSLeay [...] rt.cpan.org
From: kmx <kmx [...] volny.cz>
> Yes, I think that's OK.

Here comes a patch.

--
kmx

Message body is not shown because sender requested not to inline it.

Subject: Re: [rt.cpan.org #70713] Win32 random number generator exists!
Date: Thu, 09 Feb 2012 19:51:22 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] open.com.au>
Hi,

Thanks. Now in 297

On Thursday, February 09, 2012 03:02:11 AM you wrote:
> Queue: Net-SSLeay
> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=70713 >
>
> > Yes, I think that's OK.
>
> Here comes a patch.
>
> --
> kmx