hi all, I have glibc 2.30 with Kernel 4.9.191 but unfortunately I compiled glibc with old Kernel headers from Linux 3.16.46. It seems that as a result of this, my getrandom() and getentropy() are stubs that always fail with ENOSYS. This leads to: ./util/shlib_wrap.sh apps/openssl rand -hex 10 4145686272:error:2406C06E:random number generator:RAND_DRBG_instantiate:error retrieving entropy:crypto/rand/drbg_lib.c:342: ... Fine I thought, supply --with-rand-seed=devrandom to Configure and be done with it until you can fix your glibc. Nope - same result. Now I see this in e_os.h: /* * Linux kernels 4.8 and later changes how their random device works and there * is no reliable way to tell that /dev/urandom has been seeded -- getentropy(2) * should be used instead. */ # ifndef DEVRANDOM_SAFE_KERNEL # define DEVRANDOM_SAFE_KERNEL 4, 8 # endif So openSSL 1.1.1 will not support /dev/*random with Kernels > 4.8 ? I can fix the kernel headers before compiling the next release of glibc but this is some months away. Is there anything I can do now? I don't like the idea to recompile glibc - Version upgrades are much easier to deploy than replacing the current version. Regards, Michael Brunnbauer -- ++ Michael Brunnbauer ++ netEstate GmbH ++ Geisenhausener Straße 11a ++ 81379 München ++ Tel +49 89 32 19 77 80 ++ Fax +49 89 32 19 77 89 ++ E-Mail brunni@xxxxxxxxxxxx ++ https://www.netestate.de/ ++ ++ Sitz: München, HRB Nr.142452 (Handelsregister B München) ++ USt-IdNr. DE221033342 ++ Geschäftsführer: Michael Brunnbauer, Franz Brunnbauer ++ Prokurist: Dipl. Kfm. (Univ.) Markus Hendel
Attachment:
signature.asc
Description: PGP signature
