Problems with Random Number Seeding
on 03.10.2003 01:54:24 by Jeremy McDermond
I'm not sure if this is an issue with mod_ssl, or possibly with
OpenSSL's engine code itself. I have a FreeBSD 5.1R box with a
Broadcom BCM5820 crypto accelerator board. I'm using mod_ssl's
experimental extensions to enable this board, and I'm using it through
BSD's cryptodev subsystem. When I first start the server, after
configuration, and before forking daemons, it will dump core with
either an Illegal Instruction or a Segmentation Fault. It seems to do
this intermittently, and not on a consistent basis. It almost seems
like the seeding process is not completing correctly the first time. I
have the random device set to /dev/urandom to enable BSD to provide
entropy for mod_ssl. It almost seems as if it's ignoring this device
and trying to get entropy from somewhere else. Has anybody seen any
behavior like this?
OS: FreeBSD 5.1R
Apache Version: 1.3.28
mod_ssl Version: 2.8.15
OpenSSL Version: 0.9.7a
mod_ssl configure:
./configure --with-apache=../apache_1.3.27 --with-mm=../mm-1.3.0
apache configure:
setenv LDFLAGS -L/usr/local/lib
setenv CFLAGS -I/usr/local/include
setenv EAPI_MM ../mm-1.3.0
../configure \
--prefix=/private/apache \
--enable-module=most \
--enable-shared=max \
--server-uid=www \
--server-gid=www \
--enable-suexec \
--suexec-caller=www \
--suexec-uidmin=2000 \
--suexec-gidmin=100 \
--suexec-docroot=/private/filer/www \
--enable-module=ssl \
--enable-shared=ssl \
--enable-rule=SSL_EXPERIMENTAL \
--activate-module=src/modules/mod_auth_ldap/mod_auth_ldap.c
Backtrace:
#0 0x282ef152 in engine_table_select () from /usr/lib/libcrypto.so.3
#1 0x282caeaa in ENGINE_get_default_RAND () from /usr/lib/libcrypto.so.3
#2 0x282c9ea5 in RAND_get_rand_method () from /usr/lib/libcrypto.so.3
#3 0x282c9fc9 in RAND_seed () from /usr/lib/libcrypto.so.3
#4 0x284ecefd in ssl_rand_feedfp () from /private/apache/libexec/libssl.so
#5 0x284ecbd0 in ssl_rand_seed () from /private/apache/libexec/libssl.so
#6 0x284e7f23 in ssl_init_TmpKeysHandle () from /private/apache/libexec/libssl.so
#7 0x284e7c09 in ssl_init_Module () from /private/apache/libexec/libssl.so
#8 0x08059cf4 in ap_init_modules ()
#9 0x08064a7b in main ()
#10 0x0804f7f5 in _start ()
--
Jeremy C. McDermond
mcdermj@peak.org
Lead Engineer
Peak Internet, LLC
(541) 738-4921