OpenSSL-3.+ how to configure [random]?
Tomas Mraz
tomas at openssl.org
Wed Nov 10 08:32:41 UTC 2021
On Wed, 2021-11-10 at 03:38 +0000, Blumenthal, Uri - 0553 - MITLL
wrote:
> On 11/9/21, 22:23, "Dr Paul Dale" <pauli at openssl.org> wrote:
>
> > Currently I've no idea and can't reproduce locally :(
>
> Maybe you'd know how to force the "-engine rdrand" path through
> "openssl.cnf"?
>
> > A rogue configuration file could cause the DRBGs/seeds to fail.
> > Do you
> > have seed=rdrand line in the random section? That will cause
> > the
> > seeding source to fail to load at all.
>
> No, I don't - and providing empty config causes the same result:
>
> $ OPENSSL_CONF=/dev/null openssl3 rand -hex 4
> $ OPENSSL_CONF=/dev/null openssl3 rand -engine rdrand -hex 4
> Engine "rdrand" set.
> 61f1666d
How did you configure the rand seed sources when building OpenSSL? I
think rather than trying to make the rdrand engine default it would
make more sense to try to resolve the problem with the rand provider
and its seeding. What is the exit code of the first execution of the
rand command? Could you try to run it under strace and/or gdb to
investigate?
--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]
More information about the openssl-users
mailing list