<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body>
<div>
<div>
<div style="color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" dir="ltr">
<span style="caret-color:rgb(0, 0, 0);font-size:medium;background-color:rgb(255, 255, 255);display:inline !important">unsubscribe</span><br>
</div>
</div>
</div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> openssl-users &lt;openssl-users-bounces@openssl.org&gt; on behalf of Dr Paul Dale &lt;pauli@openssl.org&gt;<br>
<b>Sent:</b> Wednesday, November 10, 2021 2:20:03 PM<br>
<b>To:</b> openssl-users@openssl.org &lt;openssl-users@openssl.org&gt;<br>
<b>Subject:</b> Re: OpenSSL-3.+ how to configure [random]?</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText">I'm pretty sure the underlying problem is that there is a call to
<br>
RAND_set_rand_method() or RAND_set_rand_engine() occurring (likely the <br>
latter).<br>
<br>
These completely replace the built in RNG infrastructure with the <br>
RAND_METHOD/engine.  If the engine then fails to produce output for any <br>
reason, the observed results will present.<br>
<br>
Adding the RDRAND engine again replaces the RAND_METHOD and things begin <br>
working.<br>
<br>
<br>
I've no idea why the PKCS#11 engine has stopped working with 3.0. It <br>
wasn't meant to.<br>
<br>
<br>
Pauli<br>
<br>
On 11/11/21 1:36 am, Blumenthal, Uri - 0553 - MITLL wrote:<br>
> Yes, it's related to <a href="https://github.com/openssl/openssl/issues/16996">https://github.com/openssl/openssl/issues/16996</a>, and yes - the same solution worked.<br>
><br>
> There's something wrong with how PKCS#11 engine deals with (or presents itself as) rand provider.<br>
> In any case, removing PKCS#11 engine from the [engines] section alleviated this problem.<br>
><br>
> Thanks!<br>
><br>
> P.S. I configured rand seed sources the standard way: "--with-rand-seed=rdcpu,os", as I think everybody does.<br>
<br>
</div>
</span></font></div>
</body>
</html>