Sun Microsystems, Inc.  Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-72-2018611.1
Update Date:2017-05-10
Keywords:
Solution Type  Problem Resolution Sure

Solution  2018611.1 :   3DES Key Generation Failing With "Openssl Hash DRBG State Semaphore Not Yet Created"  

Related Items 
    

  • Acme Packet 4500
    •  
Related Categories 
    

  • PLA-Support>Sun Systems>CommsGBU>Session Delivery Network>SN-SND: Acme Service Provider
    •  






In this Document


Symptoms


Changes


Cause


Solution


References

Created from <SR 3-10701443251>


Applies to:  

Acme Packet 4500 - Version S-Cx6.4.0 and later
Information in this document applies to any platform.



Symptoms


Unable to generate a 3DES key with following error:


ber1015asbc002# generate-key 3des
0x
**** Error: (tCliSSH0) Openssl Hash DRBG State semaphore not yet created
Error: Failed to generate DES key


 


Changes


The fix enhanced the code to use Hash_DRBG random number generator to generate key if HW accelerator is available, otherwise openssl will be used to generate a key.


Cause


 When PD00026102 was checked in on 11/23/2011, the generate-key command was modified to use FIPS compatible Hash_DRBG random number generator to generate the manual keys instead of OpenSSL.

The problem is that the Hash_DRBG random number generator can only work on a SBC with HW accelerator, the generate-key command stopped working on a SBC without HW accelerator.


Solution


 Upgrading the image to SCX640m6p2 will solve this problem 


The fix enhanced the code to use Hash_DRBG random number generator to generate key if HW accelerator is available, otherwise openssl will be used to generate a key.


References
 <BUG:21103403> - UNABLE TO GENERATE A 3DES



Attachments

This solution has no attachment


















       

Copyright © 2018 Oracle, Inc.  All rights reserved.

 Feedback