CCF icon indicating copy to clipboard operation
CCF copied to clipboard
verified publisher icon microsoft

Could not generate new EC key

Open achamayou opened this issue 2 years ago • 3 comments

Observed in https://dev.azure.com/MSRC-CCF/CCF/_build/results?buildId=75971&view=logs&j=8f3dc89c-3708-5926-47e7-27120a268dab&t=bb1a7e6d-8f5b-56e4-638c-b498b20b4b62

/__w/1/s/build/workspace/reconfiguration_reconfiguration_test_cft_12/out:207: 2023-09-19T01:48:39.252933Z 0 [fail ] ../src/enclave/main.cpp:295 | exception during enclave init: could not generate new EC key

https://github.com/microsoft/CCF/blob/93de138399d4f4a9eb1f809e187ff1047c26d839/src/crypto/openssl/key_pair.cpp#L59

We should at least log the failure code, and perhaps retry if this is a temporary error (lack of entropy?). The documentation only outlines one possible error on unsupported keys, but that's probably not what's happening here: https://www.openssl.org/docs/man1.1.1/man3/EVP_PKEY_keygen.html

achamayou avatar Sep 19 '23 07:09 achamayou

Observed in https://dev.azure.com/MSRC-CCF/CCF/_build/results?buildId=82271&view=logs&jobId=0e591dbf-76f3-52a9-7e9a-f17d4997e033&j=0e591dbf-76f3-52a9-7e9a-f17d4997e033&t=72b55a3a-1084-5b37-42cb-197b1672aacd

39: 04:53:15.536 | ERROR    | infra.network:log_errors:126 - /__w/1/s/build/workspace/pi_basic_mt_sgx_cft^_1/out:132: 2024-03-05T04:53:11.496939Z        0   [fail ] ../src/enclave/main.cpp:295          | exception during enclave init: could not generate new EC key: 0
39: 04:53:15.536 | ERROR    | infra.network:log_errors:126 - /__w/1/s/build/workspace/pi_basic_mt_sgx_cft^_1/out:133: 2024-03-05T04:53:11.497140Z        100 [fail ] ../src/host/main.cpp:734             | An error occurred when creating CCF node: EnclaveInitFailed

Agent name: 'ado-sgx-ccf-sub-backup 3' Agent machine name: '1b0add8bc000000'

achamayou avatar Mar 05 '24 08:03 achamayou

And

https://dev.azure.com/MSRC-CCF/CCF/_build/results?buildId=82265&view=logs&j=5435e0ac-25e5-5426-50be-61b0d0ea8d34&t=1b9ad28e-4fab-5bbb-1cce-5ef2b80aad3b

2024-03-05T03:23:28.203766Z        0   [fail ] ../src/enclave/main.cpp:295          | exception during enclave init: could not generate new EC key: 0
2024-03-05T03:23:28.203888Z        100 [fail ] ../src/host/main.cpp:734             | An error occurred when creating CCF node: EnclaveInitFailed

Agent name: 'ado-sgx-ccf-sub-backup 3' Agent machine name: 'b368cfbac000001'

achamayou avatar Mar 05 '24 08:03 achamayou

https://dev.azure.com/MSRC-CCF/CCF/_build/results?buildId=82913&view=logs&jobId=a5ac1ec3-7e68-514b-a9fd-ea59be2801da&j=a5ac1ec3-7e68-514b-a9fd-ea59be2801da&t=81989794-cfa3-5237-0a85-58072790bc5a

achamayou avatar Mar 21 '24 13:03 achamayou