c - Why would PK11_GenerateRandom() return an error -8023?


I have been looking through the internet trying to find the source of the PK11_GenerateRandom() function to see why the function fails. I have a program that uses this function, and when it was moved to a new flavor of Linux, it fails after forking (fork()). Since I do not believe there is a problem in NSS, I suspect we are doing something incorrectly that was disregarded in older versions of Linux, but on the new one there is an issue.

The OpenSSL package is the same on the 'good' and 'bad' servers:

openssl 0.9.8e-fips-rhel5 01 jul 

The NSS RPM differs, though. The 'good' server has

nss-3.12.2.0-2.el5 

and the 'bad' server has version

nss-3.15.3-4.el5_10 

The 'good' server uses quite an obsolete Linux:

linux 2.6.18-128.el5 #1 smp wed jan 21 08:45:05 est 2009 x86_64 x86_64 x86_64 gnu/linux enterprise linux enterprise linux server release 5.3 (carthage) red hat enterprise linux server release 5.3 (tikanga) 

The 'bad' server is newer:

linux bad 2.6.18-371.4.1.el5 #1 smp wed jan 29 11:05:49 pst 2014 x86_64 x86_64 x86_64 gnu/linux oracle linux server release 5.10 red hat enterprise linux server release 5.10 (tikanga) 

Any clue on how to find the source or the reason for the failure (like a side effect coming from fork()) would be appreciated.

  • greg

Edit

Here is the code; it is simple, so I did not think it was needed.

    /* needs <pk11pub.h> (NSS) and <prerror.h> (NSPR) */
    /* random points to allocated memory, len=32 */
    SECStatus rv = PK11_GenerateRandom((unsigned char *)random, (int)len);
    if (rv != SECSuccess)
        printf("PK11_GenerateRandom error = %d\n", PR_GetError());

And the output message is, of course:

    PK11_GenerateRandom error = -8023
  • greg

The source of the PK11_GenerateRandom() function: http://mxr.mozilla.org/mozilla-central/source/security/nss/lib/pk11wrap/pk11slot.c#2285

Based on calculation, -8023 corresponds to the error SEC_ERROR_PKCS11_DEVICE_ERROR.

The reason (thanks to jariq's hints) is described here: https://bugzilla.mozilla.org/show_bug.cgi?id=331096

In the past, it was okay to fork and continue using PKCS11 functions. It was decided that you cannot do that, and now the conclusion is that the parent should not initialize these functions if the child, after forking, is expected to use them.

PKCS11 internal functions check whether there was a fork (they use various methods depending on the platform the code is built for). For example, they store the pid of the process in internal memory and, in expensive functions or ones not called often, compare the preserved pid with the current getpid().

The fix for our problem will require redesigning the code.
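
The pid-comparison check described in the answer above, as an added example that is not part of the original post and is not NSS source code. The names `toy_init`, `toy_generate_random`, `child_result` and `TOY_DEVICE_ERROR` are hypothetical; the sketch shows the failing layout (initialize in the parent, use in the child) beside the layout that works (initialize in the child after fork()).

```c
/* Toy model of a pid-based fork check; hypothetical names, not NSS code. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Same number the page reports: SEC_ERROR_BASE (-0x2000) + 169 = -8023 */
#define TOY_DEVICE_ERROR (-0x2000 + 169)

static pid_t toy_init_pid = 0;   /* pid recorded at init; 0 = not initialized */

void toy_init(void) { toy_init_pid = getpid(); }

/* Returns 0 on success, TOY_DEVICE_ERROR if uninitialized or forked since init. */
int toy_generate_random(unsigned char *buf, size_t len)
{
    if (toy_init_pid == 0 || toy_init_pid != getpid())
        return TOY_DEVICE_ERROR;             /* the fork check */
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return TOY_DEVICE_ERROR;
    size_t got = fread(buf, 1, len, f);
    fclose(f);
    return got == len ? 0 : TOY_DEVICE_ERROR;
}

/* Forks; the child asks for 32 random bytes. Returns the child's exit code:
 * 0 = success, 1 = device error, -1 = fork/wait problem. */
int child_result(int init_in_parent)
{
    toy_init_pid = 0;                        /* start from a clean state */
    if (init_in_parent) toy_init();
    fflush(NULL);                            /* avoid duplicated stdio buffers */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        unsigned char buf[32];
        if (!init_in_parent) toy_init();     /* redesigned order: init after fork */
        _exit(toy_generate_random(buf, sizeof buf) == 0 ? 0 : 1);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("init in parent, use in child: %s\n", child_result(1) ? "device error" : "ok");
    printf("init in child after fork:     %s\n", child_result(0) ? "device error" : "ok");
    return 0;
}
```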

