openssl 9.3 and openssl 3.1

I'm trying to compile openssh with openssl 3.1 on a linux machine with
kernel 4.15.10.  I seem to get stuck at:

configure: error: OpenSSH has no source of random numbers. Please
configure OpenSSL with an entropy source or re-run configure using one
of the --with-prngd-port or --with-prngd-socket options

I haven't done anything special in configuring openssl.  If I have read
the configuration for openssl correctly, it will default to the 'os'
source, which I think then is getrandom(2).

I think the check in openssh for this is a call to RAND_status(), which
is apparently returning a failure.

I can't compile without openssl, because I need to allow RSA keys.

Any workarounds? Ideas follow.

Compile openssh with /dev/urandom as the prngd-socket?

Edit the configure script to force a success where RAND_status()
is called?

Call whatever openssl needs to initialize the random seed somewhere
early in openssh startup?  It may already do this, I see calls to
RAND_seed() in sshd.c.

More generally, would it make sense (on linux at least) to use
getrandom() if available, or /dev/urandom otherwise regardless
of whether or not openssl is used?

-- 
nw
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
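
The getrandom()-then-/dev/urandom fallback raised in the last question of the message above, sketched as an added example; it is not part of the original post and is not OpenSSH or OpenSSL code. The names fill_random and rand_src are made up for illustration, and running it on the build host shows which kernel source actually answers there.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

enum rand_src { SRC_NONE, SRC_GETRANDOM, SRC_URANDOM };  /* hypothetical names */

/* Fill buf with len random bytes; returns the source used, or SRC_NONE.
 * Uses the raw syscall so it works even when libc has no getrandom() wrapper. */
static enum rand_src fill_random(unsigned char *buf, size_t len)
{
    size_t done = 0;
#ifdef SYS_getrandom
    while (done < len) {
        /* flags = 0: block until the kernel pool has been initialized */
        long n = syscall(SYS_getrandom, buf + done, len - done, 0);
        if (n > 0) { done += (size_t)n; continue; }
        if (n < 0 && errno == EINTR) continue;
        fprintf(stderr, "getrandom: %s\n", strerror(errno));
        break;  /* e.g. ENOSYS (old kernel) or EPERM (seccomp filter) */
    }
    if (done == len) return SRC_GETRANDOM;
    done = 0;   /* discard any partial fill and fall back */
#endif
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0) { perror("/dev/urandom"); return SRC_NONE; }
    while (done < len) {
        ssize_t n = read(fd, buf + done, len - done);
        if (n > 0) { done += (size_t)n; continue; }
        if (n < 0 && errno == EINTR) continue;
        break;  /* EOF or hard error */
    }
    close(fd);
    return done == len ? SRC_URANDOM : SRC_NONE;
}

int main(void)
{
    unsigned char seed[32];
    enum rand_src src = fill_random(seed, sizeof seed);
    printf("source: %s\n", src == SRC_GETRANDOM ? "getrandom(2)" :
                           src == SRC_URANDOM ? "/dev/urandom" : "none");
    return src == SRC_NONE ? 1 : 0;
}
```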


