Support for /dev/*random in OpenSSL 1.1.1
Dr Paul Dale
paul.dale at oracle.com
Wed Sep 11 21:25:29 UTC 2019
As a temporary workaround, you might try defining __NR_getrandom to the appropriate system call number, although it looks like the extra efforts to get past the other preprocessor check ing rand_unit.c could get ugly.
What about defining your our getrandom function in your application that calls the system call? The linker should find that before glibc’s.
Dr Paul Dale | Distinguished Architect | Cryptographic Foundations
Phone +61 7 3031 7217
> On 12 Sep 2019, at 1:48 am, Michael Brunnbauer <brunni at netestate.de> wrote:
> hi all,
> I have glibc 2.30 with Kernel 4.9.191 but unfortunately I compiled glibc with
> old Kernel headers from Linux 3.16.46. It seems that as a result of this, my
> getrandom() and getentropy() are stubs that always fail with ENOSYS. This
> leads to:
> ./util/shlib_wrap.sh apps/openssl rand -hex 10
> 4145686272:error:2406C06E:random number generator:RAND_DRBG_instantiate:error retrieving entropy:crypto/rand/drbg_lib.c:342:
> Fine I thought, supply --with-rand-seed=devrandom to Configure and be done
> with it until you can fix your glibc. Nope - same result.
> Now I see this in e_os.h:
> * Linux kernels 4.8 and later changes how their random device works and there
> * is no reliable way to tell that /dev/urandom has been seeded -- getentropy(2)
> * should be used instead.
> # ifndef DEVRANDOM_SAFE_KERNEL
> # define DEVRANDOM_SAFE_KERNEL 4, 8
> # endif
> So openSSL 1.1.1 will not support /dev/*random with Kernels > 4.8 ?
> I can fix the kernel headers before compiling the next release of glibc but
> this is some months away.
> Is there anything I can do now? I don't like the idea to recompile glibc -
> Version upgrades are much easier to deploy than replacing the current version.
> Michael Brunnbauer
> ++ Michael Brunnbauer
> ++ netEstate GmbH
> ++ Geisenhausener Straße 11a
> ++ 81379 München
> ++ Tel +49 89 32 19 77 80
> ++ Fax +49 89 32 19 77 89
> ++ E-Mail brunni at netestate.de
> ++ https://www.netestate.de/
> ++ Sitz: München, HRB Nr.142452 (Handelsregister B München)
> ++ USt-IdNr. DE221033342
> ++ Geschäftsführer: Michael Brunnbauer, Franz Brunnbauer
> ++ Prokurist: Dipl. Kfm. (Univ.) Markus Hendel
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users