Re: OpenSSL-3.+ how to configure [random]?

On Wed, 2021-11-10 at 03:38 +0000, Blumenthal, Uri - 0553 - MITLL
wrote:
> On 11/9/21, 22:23, "Dr Paul Dale" <pauli@xxxxxxxxxxx> wrote:
> 
> >    Currently I've no idea and can't reproduce locally :(
> 
> Maybe you'd know how to force the "-engine rdrand" path through
> "openssl.cnf"?
> 
> >    A rogue configuration file could cause the DRBGs/seeds to fail.
> >    Do you have a seed=rdrand line in the random section?  That will
> >    cause the seeding source to fail to load at all.
> 
> No, I don't - and providing empty config causes the same result:
> 
> $ OPENSSL_CONF=/dev/null openssl3 rand -hex 4
> $ OPENSSL_CONF=/dev/null openssl3 rand -engine rdrand -hex 4
> Engine "rdrand" set.
> 61f1666d

How did you configure the rand seed sources when building OpenSSL? I
think rather than trying to make the rdrand engine default it would
make more sense to try to resolve the problem with the rand provider
and its seeding. What is the exit code of the first execution of the
rand command? Could you try to run it under strace and/or gdb to
investigate?
-- 
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]
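
The check requested in the message above (the exit code of the failing `rand` run, with the configuration file ruled out) can be scripted as follows. This is an added example, not part of the original message or of OpenSSL; the function name `probe_rand`, the verdict labels and the `OPENSSL_BIN` variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: classify one run of `<bin> rand -hex N`.
# probe_rand BIN NBYTES prints "<verdict> rc=<exit code>".
probe_rand() {
    bin=$1
    nbytes=$2
    errfile=$(mktemp) || return 2
    rc=0
    # OPENSSL_CONF=/dev/null rules out a rogue openssl.cnf, as in the thread.
    # "|| rc=$?" keeps the exit code and stays safe under `set -e`.
    out=$(OPENSSL_CONF=/dev/null "$bin" rand -hex "$nbytes" 2>"$errfile") || rc=$?
    err=$(cat "$errfile")
    rm -f "$errfile"

    if [ "$rc" -eq 126 ] || [ "$rc" -eq 127 ]; then
        verdict=not-runnable          # binary missing or not executable
    elif [ -z "$out" ] && [ -z "$err" ]; then
        verdict=silent-failure        # the symptom reported in the thread
    elif [ -z "$out" ]; then
        verdict=error                 # failed, but said why on stderr
    elif [ "$rc" -eq 0 ] && [ "${#out}" -eq $((nbytes * 2)) ]; then
        case $out in
            *[!0-9a-fA-F]*) verdict=bad-output ;;
            *)              verdict=ok ;;
        esac
    else
        verdict=bad-output
    fi
    echo "$verdict rc=$rc"
}

# Stand-alone use (assumed invocation): OPENSSL_BIN=openssl3 sh probe_rand.sh
if [ -n "${OPENSSL_BIN:-}" ]; then
    probe_rand "$OPENSSL_BIN" 4
fi
```

A `silent-failure` verdict with a non-zero `rc` is the case worth taking to `strace` or `gdb`, since the tool then gives no message of its own to go on.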




