[OE-core] [PATCH] openssl: Enable os option for with-rand-seed as well
Mikko.Rapeli at bmw.de
Mikko.Rapeli at bmw.de
Fri Sep 20 13:38:29 UTC 2019
On Fri, Sep 20, 2019 at 03:13:44PM +0200, Andrey Zhizhikin wrote:
> Hello Raj,
>
> On Tue, Sep 17, 2019 at 8:50 PM Khem Raj <raj.khem at gmail.com> wrote:
> >
> > with openSSL 1.1.1d we start seeing errors like
> >
> > Error Generating Key
> > 139979727451584:error:2406C06E:random number generator:RAND_DRBG_instantiate:error retrieving entropy:../openssl-1.1.1d/crypto/rand/drbg_lib.c:342:
> >
> > when using openssl from openssl-native on build hosts, this is due to
> > limiting the random seed to devrandom, to support older hosts, since the
> > option allows to have a comma separated list of methods to try, we can
> > try the default first and if that fails then fallback to devrandom, this
> > will ensure that it keeps working with build systems which dont support
> > getrandom()
> >
> > Signed-off-by: Khem Raj <raj.khem at gmail.com>
> > Cc: Adrian Bunk <bunk at stusta.de>
> > Cc: Alexander Kanavin <alex.kanavin at gmail.com>
> > ---
>
> Just as a test report for this patch:
>
> I've tested this patch on the HW (i.MX8M Mini EVK) and unfortunately
> my sshd given up with a message: PRNG is not seeded
>
> Reverting commits (effectively rolling back to openssl 1.1.1c) made
> sshd operable again.:
> 53b5654d6e openssl: Enable os option for with-rand-seed as well
> 2c6b9b918c openssl: Upgrade 1.1.1c -> 1.1.1d
Do you have rng-tools on the image? That helped me with the kernel random pool
initialization for sshd in iMX8 and openssl 1.1.1x.
I don't see how 53b5654d6e could change this behavior for target openssl.
2c6b9b918c could change the behavior and would be suprise. Maybe also
target recipe needs --with-rand-seed=os,devrandom on iMX8 or similar platforms.
-Mikko
More information about the Openembedded-core
mailing list