We are seeing the deadlock in FIPS 2.0. (1.0.1c + fips-2.0 and using
AES256-SHA256 if that matters.) DRBG's auto reseeding (after 2^24 operations)
causes it. Here is the simplified backtrace.
fips_drbg_bytes()
CRYPTO_w_lock(CRYPTO_LOCK_RAND)
FIPS_drbg_generate()
drbg_reseed()
fips_get_entropy()
drbg_get_entropy()
ssleay_rand_bytes()
CRYPTO_w_lock(CRYPTO_LOCK_RAND)
Obviously, a simple workaround is to register the locking callback that uses
the recursive lock (e.g., PTHREAD_MUTEX_RECURSIVE_NP). However, I can't find
such locking requirement in OpenSSL FIPS 2.0 User Guide. (And w/o FIPS 2.0,
OpenSSL clearly avoids the recursive lock.)
Are we not initializing FIPS properly? If so, what's missing? (We are not
registering our own entropy callbacks.) Or, is this a simple oversight in FIPS
locking???
--- Seiichi
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
