[oe-commits] [openembedded-core] 25/29: openssl: Enable os option for with-rand-seed as well

git at git.openembedded.org git at git.openembedded.org
Tue Jan 28 11:52:07 UTC 2020 

This is an automated email from the git hooks/post-receive script.

rpurdie pushed a commit to branch warrior
in repository openembedded-core.

commit b9fb2913c72ec771e4da2931528f6f5425c14913
Author: Khem Raj <raj.khem at gmail.com>
AuthorDate: Fri Jan 17 18:58:17 2020 +0200

    openssl: Enable os option for with-rand-seed as well
    
    with openSSL 1.1.1d we start seeing errors like
    
    Error Generating Key
    139979727451584:error:2406C06E:random number generator:RAND_DRBG_instantiate:error retrieving entropy:../openssl-1.1.1d/crypto/rand/drbg_lib.c:342:
    
    when using openssl from openssl-native on build hosts, this is due to
    limiting the random seed to devrandom, to support older hosts, since the
    option allows to have a comma separated list of methods to try, we can
    try the default first and if that fails then fallback to devrandom, this
    will ensure that it keeps working with build systems which dont support
    getrandom()
    
    Signed-off-by: Khem Raj <raj.khem at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    Signed-off-by: Adrian Bunk <bunk at stusta.de>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
 meta/recipes-connectivity/openssl/openssl_1.1.1d.bb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
index b006246..0e65f33 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
@@ -42,10 +42,10 @@ do_configure[cleandirs] = "${B}"
 EXTRA_OECONF_append_libc-musl = " no-async"
 EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"
 
-# This prevents openssl from using getrandom() which is not available on older glibc versions
+# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions
 # (native versions can be built with newer glibc, but then relocated onto a system with older glibc)
-EXTRA_OECONF_class-native = "--with-rand-seed=devrandom"
-EXTRA_OECONF_class-nativesdk = "--with-rand-seed=devrandom"
+EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom"
+EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom"
 
 # Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate.
 CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

More information about the Openembedded-commits mailing list