Exception with AutoSeededRandomPool

[Voronkov Konstantin]

Hello, All!

 

I have exception using AutoSeededRandomPool.

OS_Rgn:CryptGenRandom operation failed with error 0x57  OTHER_ERROR

 

I'm calling AutoSeededRandomPool rng;

 

Here is the stack:
ADVAPI32! 7c2e7324()
ADVAPI32! 7c2ea85b()
CRYPTOPP! 42966e6a()
AfxWinMain(HINSTANCE__ * 0x00400000, HINSTANCE__ * 0x00000000, char *
0x00133c8e, int 1) line 39 + 11 bytes
WinMain(HINSTANCE__ * 0x00400000, HINSTANCE__ * 0x00000000, char * 0x00133c8e,
int 1) line 30
WinMainCRTStartup() line 330 + 54 bytes
KERNEL32! 7c4e87f5()

I'm using modified version of CryptoPP 5.21

This happens in MFC application, and does not reproduced

 in little sample console application.

 

Have anyone any idea about the reasons of this problem?

 

Best Regards,

Voronkov Konstantin

[Voronkov Konstantin]

Additional information. When we catch exception and call

 GetLastError we have error 87 - incorrect parameter.

 

Regards,

Konstantin

[Voronkov Konstantin]

Hello, All!

 

I made analysis of source code of CryptoPP and came to next question.

There is a call to CryptReleaseContext() on Windows Platform,

 but no call to CryptContextAddRef(). IMHO, according to MSDN

the call to CryptContextAddRef() is missing. Is not it?

 

Best Regards,

Voronkov Konstantin

 

 

----- Original Message -----

From: Voronkov Konstantin

To: crypto...@eskimo.com

Sent: Wednesday, November 17, 2004 7:00 PM

Subject: Exception with AutoSeededRandomPool

[Voronkov Konstantin]

Hello, All!

 

I have a question about AllocatorBase, AllocatorWithCleanup, .. classes.

 In the header of secblock.h I see comment:

>  secure memory allocation

What is secure here? Do you mean memory block which can not

 be writed to cache or which can be accessed from application?

Why this classes are needed?

There is declared AllocatorBase::construct() but never used?

 At least I did not found how it is used. What that is for?

 

Can you provide a link about how to use

 those classes and their purposes, please?

 

Thanks in advance,

Voronkov Konstantin

[Voronkov Konstantin]

Sorry, it looks like CryptoPP uses CryptReleaseContext() normally :-/

 

Regards,

[Voronkov Konstantin]

Hello, All!

 

We still experience the problem. Here is bit of additional information:

 - the call stack can be found in the first mail (see below)

 - the exception we have is:

OS_Rgn:CryptGenRandom operation failed with error: OTHER_ERROR

 - we are calling  AutoSeededRandomPool rng with no parameters

 -  When exception is catched the GetlastError returns error code 87.
Error lookup said: The parameter is incorrect.

 

In MSDN the explanation on CryptGenRandom given next information

 ERROR_INVALID_PARAMETER One of the parameters contains an invalid value.

This is most often an illegal pointer.

The pointer provided to the CryptGenRandom function is

 SecByteBlock seed(seedSize);

 

Additional information on compilation settings on CryptoPP and our application:

- we have multithread Dll run-time library

- we do not have _WIN64-platform

- we use VS 6 compiler with service pack 5

- we use __cdecl calling conventions

- we use default new and delete operators from run-time library

 

 

The main problem, that we can not reproduce it in every applciation,

 only in our complex application which links and uses MFC.

 

Can anyone hint where we can start searching the problem, please?

 

Regards,

Voronkov Konstantin

 

----- Original Message -----

From: Voronkov Konstantin

To: crypto...@eskimo.com

Sent: Monday, November 29, 2004 12:18 PM

Subject: Re: Exception with AutoSeededRandomPool - Probably BUG in CryptoPP?

[Voronkov Konstantin]

One more short :)

 

I propose to solve this problem (in case you agree this is problem)

 by doing self-test on attachement of the first thread instead of process

attachment to CryptoPP library.

 

Best Regards and thank you for your attention,

Konstantin

----- Original Message -----

From: Voronkov Konstantin

To: crypto...@eskimo.com

Sent: Monday, November 29, 2004 7:31 PM

Subject: Re: Exception with AutoSeededRandomPool - Probably BUG in CryptoPP?

Hello, again :)

 

Probably I found the reason of the problem:

 the reason may be because in DllMain of CryptoPP there is a self-test,

but the advapi dll is not loaded. That is why problem happens.

To solve the problem I'll comment self-test of CrypoPP in DllMain,

 thus no function from advapi will be used, and I'll have no exceptions.

 

At least this works for me.

[Voronkov Konstantin]

Hello, again :)

 

Probably I found the reason of the problem:

 the reason may be because in DllMain of CryptoPP there is a self-test,

but the advapi dll is not loaded. That is why problem happens.

To solve the problem I'll comment self-test of CrypoPP in DllMain,

 thus no function from advapi will be used, and I'll have no exceptions.

 

At least this works for me.

 

[Dan Sanderson]

There's also a problem in the random number generator when using the Windows security provider if you still have WORKAROUND_MS_BUG_Q258000 #defined in config.h

The problem is that when this is #defined, there's only a static single security provider handle with no protection from concurrent access by multiple threads. If two threads are trying to call NonblockingRng::GenerateBlock at the same time, apparently Windows gets angry and throws an access violation.

Removing the #define WORKAROUND_MS_BUG_Q258000 fixed the problem for me. According to Microsoft, the reason for this workaround was because of a large memory leak in Microsoft's security provider, which was fixed a long time ago. In fact, you can't even find a reference to WORKAROUND_MS_BUG_Q258000 in the latest MSDN library.

I'd be interested in knowing if anyone has run into this.

Dan Sanderson
Living Software, Inc.




<-----Original Message----->

From: Voronkov Konstantin Sent: 11/29/2004 4:28:27 AM To: crypto...@eskimo.com Subject: Re: Exception with AutoSeededRandomPool - Probably BUG in CryptoPP?

> > > >

> Hello, All! > > I made analysis of source code of CryptoPP and came to next >question. > There is a call to CryptReleaseContext() on Windows >Platform, > but no call to CryptContextAddRef(). >IMHO, according to MSDN > the call to CryptContextAddRef() is >missing. Is not it? > > Best Regards, > Voronkov Konstantin > > >

>style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px"> > ----- Original Message ----- > > style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black">From: > > href="mailto:Konstanti...@echotech.ch">Voronkov Konstantin > To: > href="mailto:crypto...@eskimo.com">crypto...@eskimo.com

>

_______________________________________________________________
Get the FREE email that has everyone talking at http://www.mail2world.com

 

[Voronkov Konstantin]

Hello Dan!

 

Although the obvious profit of using static Cryptographic provider is remove

 the need of initialization of Cryptographic provider each time - as I understand

it causes dll loading each time. But the safety in multithreaded environment

looks much more profit for me :-)

BTW, I found no information how to use Cryptographic provider in multithreaded

 environment in MSDN. That is why I assumed that CryptoPP uses it in correct

way. Can anyone provide any link or information about it, please?

 

Thank you much,

Konstantin

 

----- Original Message -----

From: Dan Sanderson

To: crypto...@eskimo.com

[Voronkov Konstantin]

Hello, All!

I still found no information on this topic. Will you provide any link, please?

Best Regards,
Konstantin

Voronkov Konstantin wrote:

Hello, All!

 

I have a question about AllocatorBase, AllocatorWithCleanup, ... classes.

[Walton, Jeffrey (Contractor)]

Hi Konstantin,

 

> What is secure here? Do you mean memory block

IIRC, the secure block zeros memory (look in the dtor).

 

> There is declared AllocatorBase::construct() but never used?

In a Windows environment, I imagine you would override so the the memory does not get paged out (used to required the DDK).

 

Jeff

 

---

From: Voronkov Konstantin [mailto:Konstanti...@echotech.ch]
Sent: Monday, January 10, 2005 1:51 PM
To: crypto...@eskimo.com
Subject: Re: What is AllocatorBase class for?