OpenSSL-3.+ how to configure [random]?

Nicola Tuveri nic.tuv at gmail.com
Wed Nov 10 11:02:00 UTC 2021


Just chiming in quickly to mention that this could be related to
https://github.com/openssl/openssl/issues/16996

Nicola

On Wed, Nov 10, 2021 at 10:33 AM Tomas Mraz <tomas at openssl.org> wrote:
>
> On Wed, 2021-11-10 at 03:38 +0000, Blumenthal, Uri - 0553 - MITLL wrote:
> > On 11/9/21, 22:23, "Dr Paul Dale" <pauli at openssl.org> wrote:
> >
> > >    Currently I've no idea and can't reproduce locally :(
> >
> > Maybe you'd know how to force the "-engine rdrand" path through
> > "openssl.cnf"?
> >
> > >    A rogue configuration file could cause the DRBGs/seeds to fail. Do you
> > >    have seed=rdrand line in the random section?  That will cause the
> > >    seeding source to fail to load at all.
> >
> > No, I don't - and providing empty config causes the same result:
> >
> > $ OPENSSL_CONF=/dev/null openssl3 rand -hex 4
> > $ OPENSSL_CONF=/dev/null openssl3 rand -engine rdrand -hex 4
> > Engine "rdrand" set.
> > 61f1666d
>
> How did you configure the rand seed sources when building OpenSSL? I
> think rather than trying to make the rdrand engine default it would
> make more sense to try to resolve the problem with the rand provider
> and its seeding. What is the exit code of the first execution of the
> rand command? Could you try to run it under strace and/or gdb to
> investigate?
> --
> Tomáš Mráz
> No matter how far down the wrong road you've gone, turn back.
>                                               Turkish proverb
> [You'll know whether the road is wrong if you carefully listen to your
> conscience.]
>
>

