Re: OpenSSL-3.+ how to configure [random]?

I'm pretty sure the underlying problem is that there is a call to RAND_set_rand_method() or RAND_set_rand_engine() occurring (likely the latter).

These completely replace the built-in RNG infrastructure with the RAND_METHOD/engine. If the engine then fails to produce output for any reason, the observed results will present.

Adding the RDRAND engine again replaces the RAND_METHOD and things begin working.


I've no idea why the PKCS#11 engine has stopped working with 3.0. It wasn't meant to.


Pauli

On 11/11/21 1:36 am, Blumenthal, Uri - 0553 - MITLL wrote:
Yes, it's related to https://github.com/openssl/openssl/issues/16996, and yes - the same solution worked.

There's something wrong with how PKCS#11 engine deals with (or presents itself as) rand provider.
In any case, removing PKCS#11 engine from the [engines] section alleviated this problem.

Thanks!

P.S. I configured rand seed sources the standard way: "--with-rand-seed=rdcpu,os", as I think everybody does.
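
An added example, not part of either message and not OpenSSL code: a small Python check that lists the engines an openssl.cnf loads through its [engines] section and flags any whose default_algorithms setting asks OpenSSL to make it the default RAND. It assumes the takeover is requested through default_algorithms (the thread does not say how the PKCS#11 engine was configured); the sample config and its section names are constructed.

```python
# Added example: flag engines in an openssl.cnf that ask to become the default RAND.
import re

def parse_cnf(text):
    """Minimal openssl.cnf reader: {section: {key: value}}; no $var or .include."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        m = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current][key] = value
    return sections

def engines_claiming_rand(text):
    """Return [(engine_name, claims_rand)] for every engine the config loads."""
    cnf = parse_cnf(text)
    # Follow openssl_conf -> engines -> one section per engine.
    init = cnf.get(cnf["default"].get("openssl_conf", ""), {})
    engine_list = cnf.get(init.get("engines", ""), {})
    report = []
    for name, section in engine_list.items():
        algs = cnf.get(section, {}).get("default_algorithms", "")
        tokens = {t.strip().upper() for t in algs.split(",") if t.strip()}
        # ALL covers every method type, RAND included.
        report.append((name, bool(tokens & {"ALL", "RAND"})))
    return report

# Constructed sample config; engine and section names are placeholders.
SAMPLE = """
openssl_conf = openssl_init
[openssl_init]
engines = engine_section
[engine_section]
pkcs11 = pkcs11_section
other = other_section
[pkcs11_section]
default_algorithms = ALL   # includes RAND
[other_section]
default_algorithms = RSA, EC
"""

if __name__ == "__main__":
    for name, claims in engines_claiming_rand(SAMPLE):
        print(f"{name}: {'claims RAND' if claims else 'no RAND claim in config'}")
```

An engine can also install itself as the RAND method from code, so an engine that this check does not flag still needs to be confirmed by testing random output with the engine loaded.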



