[OE-core] [PATCH] openssl: Enable os option for with-rand-seed as well

Martin Jansa martin.jansa at gmail.com
Wed Sep 18 14:25:53 UTC 2019


Thanks for the fix, I was seeing these issues in a couple of components using
nodejs-native (example below) and can confirm that this is now fixed.

internal/crypto/random.js:118
  if (ex) throw ex;
          ^

Error: error:2406C06E:random number generator:RAND_DRBG_instantiate:error
retrieving entropy
    at handleError (internal/crypto/random.js:117:14)
    at Object.randomBytes (internal/crypto/random.js:52:19)
    at
TOPDIR/BUILD/work/x86_64-linux/node-gyp-native/0.12.2+gitAUTOINC+7e98c99ce7-r4/recipe-sysroot-native/usr/lib/node_modules/npm/lib/npm.js:424:32
    at Object.<anonymous>
(TOPDIR/BUILD/work/x86_64-linux/node-gyp-native/0.12.2+gitAUTOINC+7e98c99ce7-r4/recipe-sysroot-native/usr/lib/node_modules/npm/lib/npm.js:476:3)
    at Module._compile (internal/modules/cjs/loader.js:778:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10)
    at Module.load (internal/modules/cjs/loader.js:653:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
    at Function.Module._load (internal/modules/cjs/loader.js:585:3)
    at Module.require (internal/modules/cjs/loader.js:692:17)

On Tue, Sep 17, 2019 at 8:50 PM Khem Raj <raj.khem at gmail.com> wrote:

> With OpenSSL 1.1.1d we start seeing errors like
>
> Error Generating Key
> 139979727451584:error:2406C06E:random number
> generator:RAND_DRBG_instantiate:error retrieving
> entropy:../openssl-1.1.1d/crypto/rand/drbg_lib.c:342:
>
> when using openssl from openssl-native on build hosts. This is due to
> limiting the random seed to devrandom, to support older hosts. Since the
> option allows a comma-separated list of methods to try, we can
> try the default first and, if that fails, fall back to devrandom. This
> will ensure that it keeps working with build systems which don't support
> getrandom()
>
> Signed-off-by: Khem Raj <raj.khem at gmail.com>
> Cc: Adrian Bunk <bunk at stusta.de>
> Cc: Alexander Kanavin <alex.kanavin at gmail.com>
> ---
>  meta/recipes-connectivity/openssl/openssl_1.1.1d.bb | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> index 080d1a8bb7..072f727e0b 100644
> --- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> @@ -43,10 +43,10 @@ do_configure[cleandirs] = "${B}"
>  EXTRA_OECONF_append_libc-musl = " no-async"
>  EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"
>
> -# This prevents openssl from using getrandom() which is not available on
> older glibc versions
> +# adding devrandom prevents openssl from using getrandom() which is not
> available on older glibc versions
>  # (native versions can be built with newer glibc, but then relocated onto
> a system with older glibc)
> -EXTRA_OECONF_class-native = "--with-rand-seed=devrandom"
> -EXTRA_OECONF_class-nativesdk = "--with-rand-seed=devrandom"
> +EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom"
> +EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom"
>
>  # Relying on hardcoded built-in paths causes openssl-native to not be
> relocateable from sstate.
>  CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin
> -DENGINESDIR=/not/builtin"
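Review bot: The rewritten comment above the two EXTRA_OECONF lines still says that adding devrandom "prevents openssl from using getrandom()", but with `--with-rand-seed=os,devrandom` the `os` source is listed first and, per the commit message, is tried before devrandom, so getrandom() is no longer avoided. Suggest rewording the comment to say that devrandom is kept as a fallback for hosts where getrandom() is not available. The unchanged context line gives relocation of native binaries onto a system with older glibc as the reason for the original setting, so the commit message should also say whether that relocation case was tested with `os` enabled.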
> --
> 2.23.0
>
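The ordered fallback described in the commit message (try the default source first, then devrandom), as an added C example for Linux that is not part of the original thread and is not OpenSSL's code. The names `seed_os`, `seed_devrandom`, `seed_unavailable` and `seed_from` are hypothetical, and `seed_unavailable` is a constructed stand-in for a host without getrandom().

```c
/* Added example, not OpenSSL code: ordered seed-source fallback in the spirit
 * of --with-rand-seed=os,devrandom. All function names are hypothetical. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sys/syscall.h>
#include <unistd.h>

typedef int (*seed_fn)(unsigned char *buf, size_t len);

/* "os"-style source: raw getrandom syscall, no glibc wrapper symbol needed. */
static int seed_os(unsigned char *buf, size_t len) {
    for (size_t got = 0; got < len; ) {
        long n = syscall(SYS_getrandom, buf + got, len - got, 0);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) return -1;            /* e.g. ENOSYS on an old kernel */
        got += (size_t)n;
    }
    return 0;
}

/* "devrandom"-style source: read the seed from the random device. */
static int seed_devrandom(unsigned char *buf, size_t len) {
    int fd = open("/dev/urandom", O_RDONLY);
    size_t got = 0;
    while (fd >= 0 && got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) break;
        got += (size_t)n;
    }
    if (fd >= 0) close(fd);
    return got == len ? 0 : -1;
}

/* Constructed stand-in for a host where a source is unavailable. */
static int seed_unavailable(unsigned char *b, size_t n) { (void)b; (void)n; errno = ENOSYS; return -1; }

/* Try sources in list order; return the index that filled buf, or -1. */
static int seed_from(const seed_fn *src, size_t n, unsigned char *buf, size_t len) {
    for (size_t i = 0; i < n; i++)
        if (src[i](buf, len) == 0) return (int)i;
    return -1;
}

int main(void) {
    unsigned char seed[32];
    const seed_fn order[] = { seed_unavailable, seed_os, seed_devrandom };
    return seed_from(order, 3, seed, sizeof seed) < 0; /* exit 0 if seeded */
}
```

With a single-entry list, one failing source means no seed at all, which is the situation behind the "error retrieving entropy" message above.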