Security.DSSRandom>>default crash due to seed too small


Security.DSSRandom>>default crash due to seed too small

David Lattimore
I managed to get a crash calling "Security.DSSRandom default".  The
crash was in #seed: when it discovered that it only had 152 bits for the
seed, not 160 as it would normally have.  Looking at #systemStateSeed,
it appears that this might happen if I just got unlucky.  I tried
running #systemStateSeed repeatedly and always got 160 bits after that,
so I haven't been able to reproduce it.  When it crashed, the
seedInteger that had been produced was: 579156623996085893241359902925961.

The contents of the stream passed to #resetDefaultFrom: was:
1:  137
2:  100
3:  103
4:  109
5:  252
6:  33
7:  115
8:  86
9:  80
10:  0
11:  251
12:  251
13:  141
14:  28
15:  0
16:  0
17:  0
18:  0
19:  0
20:  0

Which seems to indicate that the following were all zero:
(ObjectMemory current incMarkedBytes bitShift: -2) bitAnd: 16rFFFF
(ObjectMemory current incNilledBytes bitShift: -2) bitAnd: 16rFFFF
ObjectMemory current incReclaimedBytes bitAnd: 16rFFFF

Anyway, it seems unlikely that it will bother me again, but just
thought I'd mention that this can happen.
David


RE: Security.DSSRandom>>default crash due to seed too small

Wallen, David
There is an open AR for this issue. It can occur at startup, or soon
thereafter, before all the memory space objects have been allocated.
If you do some "busy work" a bit, the GC will soon allocate those
areas for its own tracking purposes.

AR# 50362 Description DSSRandom default can throw exception at startup.

- Dave W

> -----Original Message-----
> From: David Price [mailto:[hidden email]]
> Sent: Thursday, August 03, 2006 6:05 PM
> To: [hidden email]
> Subject: Security.DSSRandom>>default crash due to seed too small
>
>
> I managed to get a crash calling "Security.DSSRandom default".  The
> crash was in #seed: when it discovered that it only had 152 bits for the
> seed, not 160 as it would normally have.  Looking at #systemStateSeed,
> it appears that this might happen if I just got unlucky.  I tried
> running #systemStateSeed repeatedly and always got 160 bits after that,
> so I haven't been able to reproduce it.  When it crashed, the
> seedInteger that had been produced was: 579156623996085893241359902925961.
>
> The contents of the stream passed to #resetDefaultFrom: was:
> 1:  137
> 2:  100
> 3:  103
> 4:  109
> 5:  252
> 6:  33
> 7:  115
> 8:  86
> 9:  80
> 10:  0
> 11:  251
> 12:  251
> 13:  141
> 14:  28
> 15:  0
> 16:  0
> 17:  0
> 18:  0
> 19:  0
> 20:  0
>
> Which seems to indicate that the following were all zero:
> (ObjectMemory current incMarkedBytes bitShift: -2) bitAnd: 16rFFFF
> (ObjectMemory current incNilledBytes bitShift: -2) bitAnd: 16rFFFF
> ObjectMemory current incReclaimedBytes bitAnd: 16rFFFF
>
> Anyway, it seems unlikely that it will bother me again, but just
> thought I'd mention that this can happen.
> David
>
>


RE: Security.DSSRandom>>default crash due to seed too small

Boris Popov, DeepCove Labs (SNN)
David,

I just walked right into this one and it was nowhere near startup, I've been
working in this image for quite a bit,

The seed must be at least 160 bits long!
Security.DSSRandom(Object)>>error:
Security.DSSRandom>>seed:
Security.DSSRandom class>>seed:
Security.DSSRandom class>>resetDefaultFrom:
Security.DSSRandom class>>resetDefault
optimized [] in Security.DSSRandom class>>default
UndefinedObject>>ifNil:
Security.DSSRandom class>>default
Security.SSLContext class>>defaultRandomValue
optimized [] in Security.SSLContext class>>defaultRandom
UndefinedObject>>ifNil:
Security.SSLContext class>>defaultRandom
optimized [] in Security.SSLContext>>random
UndefinedObject>>ifNil:
Security.SSLContext>>random
Security.SSLSession>>random
Security.SSLSession>>generateRandom
Security.SSLSession>>sendClientHello:

----------------------------------------------------------------------
Security.DSSRandom(Object)>>error:
Receiver:
        a Security.DSSRandom
Instance Variables:
        seed = nil
        q = nil
        seedMask = nil
        sha = nil
        auxInput = nil
        mutex = nil
Arguments:
        aStringOrMessage = an UserMessage('The seed must be at least 160 bits long!', #SeedLessThan160Bits, #security)
Temporaries:
        lastNonSpace = 40
        aString = 'The seed must be at least 160 bits long!'
Context PC = 18

----------------------------------------------------------------------
Security.DSSRandom>>seed:
Receiver:
        a Security.DSSRandom
Instance Variables:
        seed = nil
        q = nil
        seedMask = nil
        sha = nil
        auxInput = nil
        mutex = nil
Arguments:
        seedInteger = 16358691123232622817336128377478652774945049
Context PC = 17

----------------------------------------------------------------------
Security.DSSRandom class>>seed:
Receiver:
        a Security.DSSRandom class
Instance Variables:
        superclass = Random
        methodDict = a MethodDictionary[17]
        format = 16390
        subclasses = nil
        instanceVariables = an Array[5]
        organization = ('accessing' #auxInput #auxInput: #next #q #q: #sha)
('initialization' #b: #initializeMutex #q:b: #q:seed: #seed:)
('private' #autogeneratedSeed: #blockSize #byteStream
#nextChunkOfRandomBytesFor: #privateNext #privateNextExtended)

        name = #DSSRandom
        classPool = a NameSpaceOfClass[0]
        environment = a NameSpace[119]
        default = nil
Arguments:
        seedInteger = 16358691123232622817336128377478652774945049
Context PC = 6

----------------------------------------------------------------------
Security.DSSRandom class>>resetDefaultFrom:
Receiver:
        a Security.DSSRandom class
Instance Variables:
        superclass = Random
        methodDict = a MethodDictionary[17]
        format = 16390
        subclasses = nil
        instanceVariables = an Array[5]
        organization = ('accessing' #auxInput #auxInput: #next #q #q: #sha)
('initialization' #b: #initializeMutex #q:b: #q:seed: #seed:)
('private' #autogeneratedSeed: #blockSize #byteStream
#nextChunkOfRandomBytesFor: #privateNext #privateNextExtended)

        name = #DSSRandom
        classPool = a NameSpaceOfClass[0]
        environment = a NameSpace[119]
        default = nil
Arguments:
        aByteStream = a ReadStream
Temporaries:
        seed = 16358691123232622817336128377478652774945049
Context PC = 30

----------------------------------------------------------------------
Security.DSSRandom class>>resetDefault
Receiver:
        a Security.DSSRandom class
Instance Variables:
        superclass = Random
        methodDict = a MethodDictionary[17]
        format = 16390
        subclasses = nil
        instanceVariables = an Array[5]
        organization = ('accessing' #auxInput #auxInput: #next #q #q: #sha)
('initialization' #b: #initializeMutex #q:b: #q:seed: #seed:)
('private' #autogeneratedSeed: #blockSize #byteStream
#nextChunkOfRandomBytesFor: #privateNext #privateNextExtended)

        name = #DSSRandom
        classPool = a NameSpaceOfClass[0]
        environment = a NameSpace[119]
        default = nil
Context PC = 9

----------------------------------------------------------------------
optimized [] in Security.DSSRandom class>>default
Receiver:
        an UndefinedObject
Temporaries:
        .self = Security.DSSRandom
Context PC = 6

----------------------------------------------------------------------
UndefinedObject>>ifNil:
Receiver:
        an UndefinedObject
Arguments:
        aBlock = BlockClosure [] in Security.DSSRandom class>>default
Context PC = 3

----------------------------------------------------------------------
Security.DSSRandom class>>default
Receiver:
        a Security.DSSRandom class
Instance Variables:
        superclass = Random
        methodDict = a MethodDictionary[17]
        format = 16390
        subclasses = nil
        instanceVariables = an Array[5]
        organization = ('accessing' #auxInput #auxInput: #next #q #q: #sha)
('initialization' #b: #initializeMutex #q:b: #q:seed: #seed:)
('private' #autogeneratedSeed: #blockSize #byteStream
#nextChunkOfRandomBytesFor: #privateNext #privateNextExtended)

        name = #DSSRandom
        classPool = a NameSpaceOfClass[0]
        environment = a NameSpace[119]
        default = nil
Context PC = 7

----------------------------------------------------------------------
Security.SSLContext class>>defaultRandomValue
Receiver:
        a Security.SSLContext class
Instance Variables:
        superclass = Object
        methodDict = a MethodDictionary[44]
        format = 16391
        subclasses = nil
        instanceVariables = an Array[7]
        organization = ('accessing' #allowesResumableSessions
#allowResumableSessions #certificateRegistry #ciphers
#disallowResumableSessions #majorVersion #minorVersion #random #random:
#recognizedAuthorityNames #trustedCertificates)
('key accessing' #addValidCertificate: #certificateCompatibleWith:
#dhKeyPair #dhKeyPair: #dhParameters #dhParameters: #dsaCertificatePair
#dsaCertificatePair: #dsaDHCertificatePair #dsaDHCertificatePair:
#isKnownValidCertificate: #removeValidCertificate: #rsaCertificatePair
#rsaCertificatePair: #rsaDHCertificatePair #rsaDHCertificatePair:
#rsaKeyPair #rsaKeyPair: #rsaSigningCertificatePair
#rsaSigningCertificatePair: #supportedCertificateTypes
#supportedCertificateTypes: #validCertificateFor:)
('services' #connectionFor: #connectionFor:using: #disallowToResume:
#newIdForSession: #newSessionId #sessionForId:)
('initialization' #initialize #initializeSuites:
#initializeSuites:registry:)
('handshaking' #validateCertificateChain:for:)

        name = #SSLContext
        classPool = a NameSpaceOfClass[0]
        environment = a NameSpace[119]
        defaultRandom = nil
Context PC = 4

----------------------------------------------------------------------
optimized [] in Security.SSLContext class>>defaultRandom
Receiver:
        an UndefinedObject
Temporaries:
        .self = Security.SSLContext
Context PC = 6

----------------------------------------------------------------------
UndefinedObject>>ifNil:
Receiver:
        an UndefinedObject
Arguments:
        aBlock = BlockClosure [] in Security.SSLContext class>>defaultRandom
Context PC = 3

----------------------------------------------------------------------
Security.SSLContext class>>defaultRandom
Receiver:
        a Security.SSLContext class
Instance Variables:
        superclass = Object
        methodDict = a MethodDictionary[44]
        format = 16391
        subclasses = nil
        instanceVariables = an Array[7]
        organization = ('accessing' #allowesResumableSessions
#allowResumableSessions #certificateRegistry #ciphers
#disallowResumableSessions #majorVersion #minorVersion #random #random:
#recognizedAuthorityNames #trustedCertificates)
('key accessing' #addValidCertificate: #certificateCompatibleWith:
#dhKeyPair #dhKeyPair: #dhParameters #dhParameters: #dsaCertificatePair
#dsaCertificatePair: #dsaDHCertificatePair #dsaDHCertificatePair:
#isKnownValidCertificate: #removeValidCertificate: #rsaCertificatePair
#rsaCertificatePair: #rsaDHCertificatePair #rsaDHCertificatePair:
#rsaKeyPair #rsaKeyPair: #rsaSigningCertificatePair
#rsaSigningCertificatePair: #supportedCertificateTypes
#supportedCertificateTypes: #validCertificateFor:)
('services' #connectionFor: #connectionFor:using: #disallowToResume:
#newIdForSession: #newSessionId #sessionForId:)
('initialization' #initialize #initializeSuites:
#initializeSuites:registry:)
('handshaking' #validateCertificateChain:for:)

        name = #SSLContext
        classPool = a NameSpaceOfClass[0]
        environment = a NameSpace[119]
        defaultRandom = nil
Context PC = 7

----------------------------------------------------------------------
optimized [] in Security.SSLContext>>random
Receiver:
        an UndefinedObject
Temporaries:
        .self = a Security.SSLContext
Context PC = 7

----------------------------------------------------------------------
UndefinedObject>>ifNil:
Receiver:
        an UndefinedObject
Arguments:
        aBlock = BlockClosure [] in Security.SSLContext>>random
Context PC = 3

----------------------------------------------------------------------
Security.SSLContext>>random
Receiver:
        a Security.SSLContext
Instance Variables:
        ciphers = an Array[8]
        random = nil
        sessions = a Dictionary[0]
        lastSessionId = 0
        parameters = a Dictionary[0]
        validCertificates = nil
        certificateRegistry = a Security.X509.X509Registry
Context PC = 7

----------------------------------------------------------------------
Security.SSLSession>>random
Receiver:
        a Security.SSLSession
Instance Variables:
        id = nil
        majorVersion = nil
        minorVersion = nil
        context = a Security.SSLContext
        peerCertificate = nil
        cipherSuite = nil
        secret = nil
        isServer = false
        subjectValidator = nil
Context PC = 3

----------------------------------------------------------------------
Security.SSLSession>>generateRandom
Receiver:
        a Security.SSLSession
Instance Variables:
        id = nil
        majorVersion = nil
        minorVersion = nil
        context = a Security.SSLContext
        peerCertificate = nil
        cipherSuite = nil
        secret = nil
        isServer = false
        subjectValidator = nil
Temporaries:
        random = a ByteArray[32]
        randomStream = nil
        time = nil
        i = nil
        i = nil
Context PC = 9


-Boris

--
+1.604.689.0322
DeepCove Labs Ltd.
4th floor 595 Howe Street
Vancouver, Canada V6C 2T5

[hidden email]


-----Original Message-----
From: Wallen, David [mailto:[hidden email]]
Sent: Thursday, August 03, 2006 6:13 PM
To: [hidden email]
Subject: RE: Security.DSSRandom>>default crash due to seed too small

There is an open AR for this issue. It can occur at startup, or soon
thereafter, before all the memory space objects have been allocated.
If you do some "busy work" a bit, the GC will soon allocate those
areas for its own tracking purposes.

AR# 50362 Description DSSRandom default can throw exception at startup.

- Dave W


Re: Security.DSSRandom>>default crash due to seed too small

kobetic
Yup, it can happen later. Basically the first time you use the default
generator, which will be the case if you try to use SSL. Simply retrying
a couple of times helps in most cases.

I hope to have this addressed for 7.5, but it's not an easy one. It's
trivial to make it so that you don't get the error, but the real problem
is that the default generator doesn't get properly seeded with 160 bits
of randomness as it should be.

If you're on Linux the easiest workaround is to seed the generator
explicitly with something like this:

        "Reseed the default generator with 20 bytes (160 bits) read from the OS random device."
        urandom := '/dev/urandom' asFilename readStream binary.
        DSSRandom resetDefaultFrom: (urandom next: 20) readStream.
        urandom close.

Otherwise just get 20 random bytes somewhere and use those instead.
There's more info in various comments on that class.

HTH,

Martin

Boris Popov wrote:

> David,
>
> I just walked right into this one and it was nowhere near startup, I've been
> working in this image for quite a bit,
>
> The seed must be at least 160 bits long!
> Security.DSSRandom(Object)>>error:
> Security.DSSRandom>>seed:
> Security.DSSRandom class>>seed:
> Security.DSSRandom class>>resetDefaultFrom:
> Security.DSSRandom class>>resetDefault
> optimized [] in Security.DSSRandom class>>default
> UndefinedObject>>ifNil:
> Security.DSSRandom class>>default
> Security.SSLContext class>>defaultRandomValue
> optimized [] in Security.SSLContext class>>defaultRandom
> UndefinedObject>>ifNil:
> Security.SSLContext class>>defaultRandom
> optimized [] in Security.SSLContext>>random
> UndefinedObject>>ifNil:
> Security.SSLContext>>random
> Security.SSLSession>>random
> Security.SSLSession>>generateRandom
> Security.SSLSession>>sendClientHello:
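
Added example (Python, not code from the thread or from VisualWorks): it decodes the byte stream quoted in the first post and shows how zero bytes at the end of the stream shrink the decoded integer below 160 bits, then fetches 20 bytes from the OS CSPRNG as in the workaround above. The little-endian byte order is inferred because it reproduces the posted seedInteger; the function names and the magnitude check are assumptions for illustration, not DSSRandom's implementation.

```python
import os

SEED_BYTES = 20  # 160 bits, the minimum named in the error message

# Copied from the thread: stream positions 1..20 and the two reported seedIntegers.
POSTED_STREAM = bytes([137, 100, 103, 109, 252, 33, 115, 86, 80, 0,
                       251, 251, 141, 28, 0, 0, 0, 0, 0, 0])
FIRST_SEED = 579156623996085893241359902925961
SECOND_SEED = 16358691123232622817336128377478652774945049


def seed_integer(stream: bytes) -> int:
    """Decode a seed stream with the first byte least significant.

    The byte order is inferred: it is the one that turns POSTED_STREAM
    into the seedInteger reported in the first post.
    """
    return int.from_bytes(stream, "little")


def passes_magnitude_check(stream: bytes, min_bits: int = 160) -> bool:
    """Assumed model of a size check made on the decoded integer."""
    return seed_integer(stream).bit_length() >= min_bits


def fresh_seed_material(source=os.urandom, nbytes: int = SEED_BYTES) -> bytes:
    """Fetch seed bytes from the OS CSPRNG and validate the byte count.

    Counting bytes delivered by a trusted source, instead of measuring the
    decoded integer, avoids rejecting (or accepting) a seed because of
    where its zero bytes happen to fall.
    """
    data = source(nbytes)
    if len(data) != nbytes:
        raise ValueError(f"short read: wanted {nbytes} bytes, got {len(data)}")
    return data


def report() -> dict:
    """Summarise what the posted values show."""
    return {
        "stream_matches_first_seed": seed_integer(POSTED_STREAM) == FIRST_SEED,
        "first_seed_bits": FIRST_SEED.bit_length(),
        "second_seed_bits": SECOND_SEED.bit_length(),
        "posted_stream_passes": passes_magnitude_check(POSTED_STREAM),
        # Constructed input: 20 bytes whose last byte is zero decode to 152 bits.
        "one_zero_byte_bits": seed_integer(b"\xff" * 19 + b"\x00").bit_length(),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
    print("fresh seed length:", len(fresh_seed_material()))
```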