[ovs-dev] [PATCH] stream-ssl: Seed OpenSSL if it fails to seed itself.

[Justin Pettit]

On Aug 9, 2012, at 10:39 AM, Ben Pfaff <blp at nicira.com> wrote:

> -    if (!SSL_CTX_check_private_key(ctx)) {
> +    if (!retval && !SSL_CTX_check_private_key(ctx)) {

As you mentioned, this belongs in a separate patch.

> +    if (!RAND_status()) {

I assume SSL_library_init() seeds the PRNG?  I looked briefly, but couldn't see definitively.  I have a weak gag reflex, so I didn't want to download the code and look for myself.

> +        /* We occasionally see OpenSSL fail to seed its random number generator
> +         * in heavily loaded hypervisors.  I suspect the following scenario:
> +         *
> +         * 1. OpenSSL calls read() to get 32 bytes from /dev/urandom.
> +         * 2. The kernel generates 10 bytes of randomness and copies it out.
> +         * 3. A signal arrives (perhaps SIGALRM).
> +         * 4. The kernel interrupts the system call to service the signal.
> +         * 5. Userspace gets 10 bytes of entropy.
> +         * 6. OpenSSL doesn't read again to get the final 22 bytes.  Therefore
> +         *    OpenSSL doesn't have enough entropy to consider itself
> +         *    initialized.
> +         *
> +         * The only part I'm not entirely sure about is #6, because the OpenSSL
> +         * code is so hard to read. */

I think this last sentence makes sense to have in the commit message, but it seems confusing in code.  If the code lasts the test of time, then you were almost certainly correct in your hypothesis.  If not, then this code will likely be reverted.

> +        if (!retval) {
> +            RAND_seed(seed, sizeof seed);
> +        } else {
> +            VLOG_ERR("failed to obtain entropy (%s)",
> +                     ovs_retval_to_string(retval));
> +        }

Should we return an error if we failed to get enough entropy?

--Justin