* [PATCH] openssl: Enable os option for with-rand-seed as well
@ 2019-09-17 18:49 Khem Raj
From: Khem Raj @ 2019-09-17 18:49 UTC (permalink / raw)
To: openembedded-core; +Cc: Adrian Bunk
with OpenSSL 1.1.1d we start seeing errors like
Error Generating Key
139979727451584:error:2406C06E:random number generator:RAND_DRBG_instantiate:error retrieving entropy:../openssl-1.1.1d/crypto/rand/drbg_lib.c:342:
when using openssl from openssl-native on build hosts, this is due to
limiting the random seed to devrandom, to support older hosts, since the
option allows a comma-separated list of methods to try, we can
try the default first and if that fails then fall back to devrandom, this
will ensure that it keeps working with build systems which don't support
getrandom()
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Adrian Bunk <bunk@stusta.de>
Cc: Alexander Kanavin <alex.kanavin@gmail.com>
---
meta/recipes-connectivity/openssl/openssl_1.1.1d.bb | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
index 080d1a8bb7..072f727e0b 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
@@ -43,10 +43,10 @@ do_configure[cleandirs] = "${B}"
EXTRA_OECONF_append_libc-musl = " no-async"
EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"
-# This prevents openssl from using getrandom() which is not available on older glibc versions
+# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions
# (native versions can be built with newer glibc, but then relocated onto a system with older glibc)
-EXTRA_OECONF_class-native = "--with-rand-seed=devrandom"
-EXTRA_OECONF_class-nativesdk = "--with-rand-seed=devrandom"
+EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom"
+EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom"
# Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate.
CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
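Review bot: the rewritten comment on the `+#` line still says that adding devrandom prevents openssl from using getrandom(), but with `--with-rand-seed=os,devrandom` the `os` method is tried first, so getrandom() is used wherever the host supports it and devrandom is only the fallback, which is what the commit message itself describes. Suggest wording the comment to match, e.g. `# Try the default 'os' seed source first and fall back to devrandom on hosts whose glibc lacks getrandom()`, and keeping the following comment line about relocated native builds as the rationale for the fallback.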
--
2.23.0
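As an added triage aid (not part of the patch, of OpenSSL or of oe-core), the parser below splits error lines in the format quoted in the commit message into their fields and unpacks the 8-hex-digit code into its lib/func/reason numbers, so a log scanner can recognise the RAND seeding failure by code rather than by matching prose. The three symbol names are the ones 0x2406C06E decodes to in the OpenSSL 1.1.1 headers; everything else is left numeric.

```python
import re
from dataclasses import dataclass
from typing import Optional

# OpenSSL 1.1.x packs an error code as (lib << 24) | (func << 12) | reason.
# Only the symbols the page's own code decodes to are listed; anything else
# stays numeric rather than being guessed.
LIB_NAMES = {36: "ERR_LIB_RAND"}
FUNC_NAMES = {(36, 108): "RAND_F_RAND_DRBG_INSTANTIATE"}
REASON_NAMES = {(36, 110): "RAND_R_ERROR_RETRIEVING_ENTROPY"}

# ERR_print_errors() writes "<tid>:error:<code>:<lib>:<func>:<reason>:<file>:<line>:<data>";
# Node.js surfaces only the "error:<code>:<lib>:<func>:<reason>" core, after "Error: ".
_LINE = re.compile(
    r"^(?:Error: )?(?:(?P<tid>\d+):)?error:(?P<code>[0-9A-Fa-f]{8}):"
    r"(?P<lib>[^:]*):(?P<func>[^:]*):(?P<reason>[^:]*)"
    r"(?::(?P<file>[^:]*):(?P<line>\d+):(?P<data>.*))?$"
)

@dataclass
class OpenSSLError:
    thread_id: Optional[int]   # absent in the Node.js form
    code: int                  # the packed 32-bit value, e.g. 0x2406C06E
    lib_num: int
    func_num: int
    reason_num: int
    lib: str                   # textual fields exactly as OpenSSL printed them
    func: str
    reason: str
    file: Optional[str]
    line: Optional[int]

    def symbolic(self) -> str:
        """Map the packed numbers back to header symbols where known."""
        return "%s/%s/%s" % (
            LIB_NAMES.get(self.lib_num, "lib=%d" % self.lib_num),
            FUNC_NAMES.get((self.lib_num, self.func_num), "func=%d" % self.func_num),
            REASON_NAMES.get((self.lib_num, self.reason_num), "reason=%d" % self.reason_num))

    def is_seeding_failure(self) -> bool:
        """The condition this thread is about: RAND could not gather entropy."""
        return self.lib_num == 36 and self.reason_num == 110

def parse_openssl_error(text: str) -> OpenSSLError:
    # Node.js traces (and mail clients) wrap the message across lines; rejoin first.
    m = _LINE.match(" ".join(text.split()))
    if not m:
        raise ValueError("not an OpenSSL error line: %r" % text)
    code = int(m["code"], 16)
    return OpenSSLError(
        thread_id=int(m["tid"]) if m["tid"] else None, code=code,
        lib_num=code >> 24, func_num=(code >> 12) & 0xFFF, reason_num=code & 0xFFF,
        lib=m["lib"], func=m["func"], reason=m["reason"],
        file=m["file"], line=int(m["line"]) if m["line"] else None)
```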
* Re: [PATCH] openssl: Enable os option for with-rand-seed as well
From: Adrian Bunk @ 2019-09-18 7:20 UTC (permalink / raw)
To: Khem Raj; +Cc: openembedded-core
On Tue, Sep 17, 2019 at 11:49:47AM -0700, Khem Raj wrote:
> with OpenSSL 1.1.1d we start seeing errors like
>
> Error Generating Key
> 139979727451584:error:2406C06E:random number generator:RAND_DRBG_instantiate:error retrieving entropy:../openssl-1.1.1d/crypto/rand/drbg_lib.c:342:
>
> when using openssl from openssl-native on build hosts, this is due to
> limiting the random seed to devrandom, to support older hosts, since the
> option allows a comma-separated list of methods to try, we can
> try the default first and if that fails then fall back to devrandom, this
> will ensure that it keeps working with build systems which don't support
> getrandom()
>...
Thanks for fixing this problem!
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
* Re: [PATCH] openssl: Enable os option for with-rand-seed as well
From: Martin Jansa @ 2019-09-18 14:25 UTC (permalink / raw)
To: Khem Raj; +Cc: Adrian Bunk, Patches and discussions about the oe-core layer
Thanks for the fix, I was seeing these issues in a couple of components using
nodejs-native (example below) and can confirm that this is now fixed.
internal/crypto/random.js:118
if (ex) throw ex;
^
Error: error:2406C06E:random number generator:RAND_DRBG_instantiate:error retrieving entropy
at handleError (internal/crypto/random.js:117:14)
at Object.randomBytes (internal/crypto/random.js:52:19)
at TOPDIR/BUILD/work/x86_64-linux/node-gyp-native/0.12.2+gitAUTOINC+7e98c99ce7-r4/recipe-sysroot-native/usr/lib/node_modules/npm/lib/npm.js:424:32
at Object.<anonymous> (TOPDIR/BUILD/work/x86_64-linux/node-gyp-native/0.12.2+gitAUTOINC+7e98c99ce7-r4/recipe-sysroot-native/usr/lib/node_modules/npm/lib/npm.js:476:3)
at Module._compile (internal/modules/cjs/loader.js:778:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10)
at Module.load (internal/modules/cjs/loader.js:653:32)
at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
at Function.Module._load (internal/modules/cjs/loader.js:585:3)
at Module.require (internal/modules/cjs/loader.js:692:17)
On Tue, Sep 17, 2019 at 8:50 PM Khem Raj <raj.khem@gmail.com> wrote:
> with OpenSSL 1.1.1d we start seeing errors like
>
> Error Generating Key
> 139979727451584:error:2406C06E:random number
> generator:RAND_DRBG_instantiate:error retrieving
> entropy:../openssl-1.1.1d/crypto/rand/drbg_lib.c:342:
>
> when using openssl from openssl-native on build hosts, this is due to
> limiting the random seed to devrandom, to support older hosts, since the
> option allows a comma-separated list of methods to try, we can
> try the default first and if that fails then fall back to devrandom, this
> will ensure that it keeps working with build systems which don't support
> getrandom()
>
> Signed-off-by: Khem Raj <raj.khem@gmail.com>
> Cc: Adrian Bunk <bunk@stusta.de>
> Cc: Alexander Kanavin <alex.kanavin@gmail.com>
> ---
> meta/recipes-connectivity/openssl/openssl_1.1.1d.bb | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> index 080d1a8bb7..072f727e0b 100644
> --- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
> @@ -43,10 +43,10 @@ do_configure[cleandirs] = "${B}"
> EXTRA_OECONF_append_libc-musl = " no-async"
> EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"
>
> -# This prevents openssl from using getrandom() which is not available on
> older glibc versions
> +# adding devrandom prevents openssl from using getrandom() which is not
> available on older glibc versions
> # (native versions can be built with newer glibc, but then relocated onto
> a system with older glibc)
> -EXTRA_OECONF_class-native = "--with-rand-seed=devrandom"
> -EXTRA_OECONF_class-nativesdk = "--with-rand-seed=devrandom"
> +EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom"
> +EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom"
>
> # Relying on hardcoded built-in paths causes openssl-native to not be
> relocateable from sstate.
> CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin
> -DENGINESDIR=/not/builtin"
> --
> 2.23.0
* Re: [PATCH] openssl: Enable os option for with-rand-seed as well
From: Andrey Zhizhikin @ 2019-09-20 13:13 UTC (permalink / raw)
To: Khem Raj; +Cc: Adrian Bunk, OE Core mailing list
Hello Raj,
On Tue, Sep 17, 2019 at 8:50 PM Khem Raj <raj.khem@gmail.com> wrote:
>
> with OpenSSL 1.1.1d we start seeing errors like
>
> Error Generating Key
> 139979727451584:error:2406C06E:random number generator:RAND_DRBG_instantiate:error retrieving entropy:../openssl-1.1.1d/crypto/rand/drbg_lib.c:342:
>
> when using openssl from openssl-native on build hosts, this is due to
> limiting the random seed to devrandom, to support older hosts, since the
> option allows a comma-separated list of methods to try, we can
> try the default first and if that fails then fall back to devrandom, this
> will ensure that it keeps working with build systems which don't support
> getrandom()
>
> Signed-off-by: Khem Raj <raj.khem@gmail.com>
> Cc: Adrian Bunk <bunk@stusta.de>
> Cc: Alexander Kanavin <alex.kanavin@gmail.com>
> ---
Just as a test report for this patch:
I've tested this patch on the HW (i.MX8M Mini EVK) and unfortunately
my sshd gave up with the message: PRNG is not seeded
Reverting these commits (effectively rolling back to openssl 1.1.1c) made
sshd operable again:
53b5654d6e openssl: Enable os option for with-rand-seed as well
2c6b9b918c openssl: Upgrade 1.1.1c -> 1.1.1d
I'm not sure whether this is related to the Kernel used in i.MX8M Mini
series or the openssl version used...
I'd try to use a different HW to verify this patch further (perhaps
Altera CV) to see if the sshd is broken there as well.
-- andrey
* Re: [PATCH] openssl: Enable os option for with-rand-seed as well
From: Mikko.Rapeli @ 2019-09-20 13:38 UTC (permalink / raw)
To: andrey.z; +Cc: openembedded-core, bunk
On Fri, Sep 20, 2019 at 03:13:44PM +0200, Andrey Zhizhikin wrote:
> Hello Raj,
>
> On Tue, Sep 17, 2019 at 8:50 PM Khem Raj <raj.khem@gmail.com> wrote:
> >
> > with OpenSSL 1.1.1d we start seeing errors like
> >
> > Error Generating Key
> > 139979727451584:error:2406C06E:random number generator:RAND_DRBG_instantiate:error retrieving entropy:../openssl-1.1.1d/crypto/rand/drbg_lib.c:342:
> >
> > when using openssl from openssl-native on build hosts, this is due to
> > limiting the random seed to devrandom, to support older hosts, since the
> > option allows a comma-separated list of methods to try, we can
> > try the default first and if that fails then fall back to devrandom, this
> > will ensure that it keeps working with build systems which don't support
> > getrandom()
> >
> > Signed-off-by: Khem Raj <raj.khem@gmail.com>
> > Cc: Adrian Bunk <bunk@stusta.de>
> > Cc: Alexander Kanavin <alex.kanavin@gmail.com>
> > ---
>
> Just as a test report for this patch:
>
> I've tested this patch on the HW (i.MX8M Mini EVK) and unfortunately
> my sshd gave up with the message: PRNG is not seeded
>
> Reverting these commits (effectively rolling back to openssl 1.1.1c) made
> sshd operable again:
> 53b5654d6e openssl: Enable os option for with-rand-seed as well
> 2c6b9b918c openssl: Upgrade 1.1.1c -> 1.1.1d
Do you have rng-tools on the image? That helped me with the kernel random pool
initialization for sshd in iMX8 and openssl 1.1.1x.
I don't see how 53b5654d6e could change this behavior for target openssl.
2c6b9b918c could change the behavior and would be a surprise. Maybe the
target recipe also needs --with-rand-seed=os,devrandom on iMX8 or similar platforms.
-Mikko
* Re: [PATCH] openssl: Enable os option for with-rand-seed as well
From: Adrian Bunk @ 2019-09-20 14:03 UTC (permalink / raw)
To: Mikko.Rapeli; +Cc: openembedded-core
On Fri, Sep 20, 2019 at 01:38:29PM +0000, Mikko.Rapeli@bmw.de wrote:
> On Fri, Sep 20, 2019 at 03:13:44PM +0200, Andrey Zhizhikin wrote:
> > Hello Raj,
> >
> > On Tue, Sep 17, 2019 at 8:50 PM Khem Raj <raj.khem@gmail.com> wrote:
> > >
> > > with OpenSSL 1.1.1d we start seeing errors like
> > >
> > > Error Generating Key
> > > 139979727451584:error:2406C06E:random number generator:RAND_DRBG_instantiate:error retrieving entropy:../openssl-1.1.1d/crypto/rand/drbg_lib.c:342:
> > >
> > > when using openssl from openssl-native on build hosts, this is due to
> > > limiting the random seed to devrandom, to support older hosts, since the
> > > option allows a comma-separated list of methods to try, we can
> > > try the default first and if that fails then fall back to devrandom, this
> > > will ensure that it keeps working with build systems which don't support
> > > getrandom()
> > >
> > > Signed-off-by: Khem Raj <raj.khem@gmail.com>
> > > Cc: Adrian Bunk <bunk@stusta.de>
> > > Cc: Alexander Kanavin <alex.kanavin@gmail.com>
> > > ---
> >
> > Just as a test report for this patch:
> >
> > I've tested this patch on the HW (i.MX8M Mini EVK) and unfortunately
> > my sshd gave up with the message: PRNG is not seeded
>
> > Reverting these commits (effectively rolling back to openssl 1.1.1c) made
> > sshd operable again:
> > 53b5654d6e openssl: Enable os option for with-rand-seed as well
> > 2c6b9b918c openssl: Upgrade 1.1.1c -> 1.1.1d
>
> Do you have rng-tools on the image? That helped me with the kernel random pool
> initialization for sshd in iMX8 and openssl 1.1.1x.
>
> I don't see how 53b5654d6e could change this behavior for target openssl.
> 2c6b9b918c could change the behavior and would be a surprise.
>...
OpenSSL is full of surprises...
CHANGES says:
Linux kernels 4.8 and later, don't have a reliable way to detect
that /dev/urandom has been properly seeded, so a failure is raised
for this case (i.e. the getentropy(2) call has already failed).
It seems to be correct to give an error here, and lack of rng-tools
and/or kernel support for the iMX8 RNG is something that should be
fixed by the user.
OTOH, this kind of change makes it hard to justify upgrading openssl
in stable branches.
> -Mikko
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
* Re: [PATCH] openssl: Enable os option for with-rand-seed as well
From: Andrey Zhizhikin @ 2019-09-20 14:04 UTC (permalink / raw)
To: Mikko.Rapeli; +Cc: OE Core mailing list, Adrian Bunk
On Fri, Sep 20, 2019 at 3:38 PM <Mikko.Rapeli@bmw.de> wrote:
>
>
> Do you have rng-tools on the image? That helped me with the kernel random pool
> initialization for sshd in iMX8 and openssl 1.1.1x.
No, but I would definitely try it! Thanks a lot for the tip here!
>
> I don't see how 53b5654d6e could change this behavior for target openssl.
> 2c6b9b918c could change the behavior and would be a surprise. Maybe the
> target recipe also needs --with-rand-seed=os,devrandom on iMX8 or similar platforms.
This has puzzled me as well. Actually, 53b5654d6e is related to
2c6b9b918c in that it fixes the build issue with various
components. That was the reason I reverted both of them, since they
go in a pair. Strangely enough, when reverting the openssl version to
1.1.1c, sshd starts to work normally.
I'm now building Arria10 to see if I can reproduce the issue there as well.
-- andrey
* Re: [PATCH] openssl: Enable os option for with-rand-seed as well
From: Andrey Zhizhikin @ 2019-09-23 13:03 UTC (permalink / raw)
To: Mikko.Rapeli; +Cc: OE Core mailing list, Adrian Bunk
> ...
Just as a follow-up on this issue, in case someone else stumbles upon the same:
I've built the cyclone5 machine off master and it was 100% operable.
Then I looked at the i.MX8M configuration and found out that the openssl
recipe was overlaid for me with the option --with-rand-seed=devrandom,
which effectively causes this erratic behavior. Changing the compile
option to --with-rand-seed=os,devrandom made sshd fully operable
again, so indeed this is the right option to use for devices which are
not properly seeding /dev/urandom.
Mikko/Adrian, thanks a lot for your advice here on the direction to look into!
-- andrey