[OE-core] [PATCH] openssl: Enable os option for with-rand-seed as well
Andrey Zhizhikin
andrey.z at gmail.com
Fri Sep 20 13:13:44 UTC 2019
Hello Raj,
On Tue, Sep 17, 2019 at 8:50 PM Khem Raj <raj.khem at gmail.com> wrote:
>
> with openSSL 1.1.1d we start seeing errors like
>
> Error Generating Key
> 139979727451584:error:2406C06E:random number generator:RAND_DRBG_instantiate:error retrieving entropy:../openssl-1.1.1d/crypto/rand/drbg_lib.c:342:
>
> when using openssl from openssl-native on build hosts, this is due to
> limiting the random seed to devrandom, to support older hosts, since the
> option allows to have a comma separated list of methods to try, we can
> try the default first and if that fails then fallback to devrandom, this
> will ensure that it keeps working with build systems which dont support
> getrandom()
>
> Signed-off-by: Khem Raj <raj.khem at gmail.com>
> Cc: Adrian Bunk <bunk at stusta.de>
> Cc: Alexander Kanavin <alex.kanavin at gmail.com>
> ---
Just as a test report for this patch:
I've tested this patch on the HW (i.MX8M Mini EVK) and unfortunately
my sshd given up with a message: PRNG is not seeded
Reverting commits (effectively rolling back to openssl 1.1.1c) made
sshd operable again.:
53b5654d6e openssl: Enable os option for with-rand-seed as well
2c6b9b918c openssl: Upgrade 1.1.1c -> 1.1.1d
I'm not sure whether this is related to the Kernel used in i.MX8M Mini
series or the openssl version used...
I'd try to use a different HW to verify this patch further (perhaps
Altera CV) to see if the sshd is broken there as well.
-- andrey
More information about the Openembedded-core
mailing list