On Wed, 2021-11-10 at 03:38 +0000, Blumenthal, Uri - 0553 - MITLL wrote:
> On 11/9/21, 22:23, "Dr Paul Dale" <pauli@xxxxxxxxxxx> wrote:
>
> > Currently I've no idea and can't reproduce locally :(
>
> Maybe you'd know how to force the "-engine rdrand" path through
> "openssl.cnf"?
>
> > A rogue configuration file could cause the DRBGs/seeds to fail.
> > Do you have seed=rdrand line in the random section? That will
> > cause the seeding source to fail to load at all.
>
> No, I don't - and providing empty config causes the same result:
>
> $ OPENSSL_CONF=/dev/null openssl3 rand -hex 4
> $ OPENSSL_CONF=/dev/null openssl3 rand -engine rdrand -hex 4
> Engine "rdrand" set.
> 61f1666d

How did you configure the rand seed sources when building OpenSSL?

I think rather than trying to make the rdrand engine default it would
make more sense to try to resolve the problem with the rand provider
and its seeding.

What is the exit code of the first execution of the rand command? Could
you try to run it under strace and/or gdb to investigate?

--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]