Re: [OE-core] [PATCH] openssl: add rdcpu to rand-seed

Fri, 10 Jul 2020 16:26:26 -0700 

On Fri, 2020-07-10 at 21:21 +0100, Richard Purdie wrote:
> On Fri, 2020-07-10 at 12:39 -0700, Taras Kondratiuk via 
> lists.openembedded.org wrote:
> > Native[sdk] openssl fails to initialize RNG on systems where native[sdk]
> > glibc is built against pre-3.17 linux-libc-headers, but runs on 4.8+
> > kernel:
> > 140737348333184:error:2406C06E:random number 
> > generator:RAND_DRBG_instantiate:error retrieving 
> > entropy:../openssl-1.1.1g/crypto/rand/drbg_lib.c:342
> > 
> > Commit 3ff98f558157 ("Start up DEVRANDOM entropy improvement for older
> > Linux devices.") in OpenSSL 1.1.1d has effectively disabled devrandom
> > seed source for kernels >=4.8. The assumption is that getrandom(2) will
> > be used instead. Getrandom syscall was added in kernel 3.17 by commit
> > c6e9d6f38894 ("random: introduce getrandom(2) system call"). So on a
> > system with 4.8+ kernel and pre-3.17 libc headers both getrandom and
> > devrandom can't be used.
> 
> Where would we find a system where we're building with pre-3.17 libc
> headers?
> 
> We updated to 3.17 in 2014:
> 
> http://git.yoctoproject.org/cgit.cgi/poky/commit/?id=be50d1dc1c03b709e60d2493df5890f7556852b7
> 
> If I remember correctly this change was added to avoid problems with
> different host OSes and I'm worried we'd see those issues return if we
> change things like this. Whilst the syscall may have been added quite
> early, the glibc wrappers for it are quite recent and where our source
> of problems was.

We build OE SDK that has to work on build machines with kernels from
2.6.32 to 5.4. So in our distro nativesdk-linux-libc-headers is set to
2.6.32.

If you think this is a rare case and won't be useful for others, then
ignore the patch. I'll override --with-rand-seed from distro layer.

But then we can remove --with-rand-seed configuration from OE-core
recipe entirely. Its current value "os,devrandom" is equivalent to the
default configuration.

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#140550): 
https://lists.openembedded.org/g/openembedded-core/message/140550
Mute This Topic: https://lists.openembedded.org/mt/75426089/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to