From: "Adrian Bunk" <bunk@stusta.de>
To: Richard Purdie <richard.purdie@linuxfoundation.org>
Cc: takondra@cisco.com, Alexander Kanavin <alex.kanavin@gmail.com>,
Khem Raj <raj.khem@gmail.com>,
xe-linux-external@cisco.com,
OE-core <openembedded-core@lists.openembedded.org>
Subject: Re: [OE-core] [PATCH] openssl: add rdcpu to rand-seed
Date: Sat, 11 Jul 2020 01:13:32 +0300
Message-ID: <20200710221332.GA27369@localhost>
In-Reply-To: <3d63c868f4e94dee8c7ee05a3afa0f0620f98a15.camel@linuxfoundation.org>

On Fri, Jul 10, 2020 at 09:21:26PM +0100, Richard Purdie wrote:
> On Fri, 2020-07-10 at 12:39 -0700, Taras Kondratiuk via lists.openembedded.org wrote:
> > Native[sdk] openssl fails to initialize RNG on systems where native[sdk]
> > glibc is built against pre-3.17 linux-libc-headers, but runs on 4.8+
> > kernel:
> > 140737348333184:error:2406C06E:random number generator:RAND_DRBG_instantiate:error retrieving entropy:../openssl-1.1.1g/crypto/rand/drbg_lib.c:342
> >
> > Commit 3ff98f558157 ("Start up DEVRANDOM entropy improvement for older
> > Linux devices.") in OpenSSL 1.1.1d has effectively disabled devrandom
> > seed source for kernels >=4.8. The assumption is that getrandom(2) will
> > be used instead. Getrandom syscall was added in kernel 3.17 by commit
> > c6e9d6f38894 ("random: introduce getrandom(2) system call"). So on a
> > system with 4.8+ kernel and pre-3.17 libc headers both getrandom and
> > devrandom can't be used.
>
> Where would we find a system where we're building with pre-3.17 libc
> headers?
>
> We updated to 3.17 in 2014:
>...
Native uses the host one.
In Yocto >= 3.1 old host distributions have to use the
buildtools-extended tarball for unrelated reasons,
which should fix this problem.
Building Yocto <= 3.0 on Debian 8 (3.16 userspace headers) running the
optional kernel 4.9 would match the reported problem.
Or building Yocto <= 3.0 in a chroot with an older distribution
on a system running a more recent kernel.
> Cheers,
>
> Richard
cu
Adrian
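
Added example, not part of the original message and not OpenSSL or OE-core code: a small C check for the host combination discussed in this thread (build headers without getrandom(2), running kernel 4.8 or later). The function names and the sample release strings are hypothetical and constructed; the 4.8 threshold and the header condition are taken from the quoted report.

```c
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/utsname.h>

/* Compile-time view: headers from Linux 3.17+ define SYS_getrandom. */
#ifdef SYS_getrandom
#define HEADERS_HAVE_GETRANDOM 1
#else
#define HEADERS_HAVE_GETRANDOM 0
#endif

/* Parse "major.minor" from a uname release string such as
 * "4.9.0-13-amd64". Returns 0 on success, -1 if unparsable. */
int parse_release(const char *rel, int *major, int *minor)
{
    return sscanf(rel, "%d.%d", major, minor) == 2 ? 0 : -1;
}

/* Returns 1 when the pair matches the reported failure condition
 * (kernel >= 4.8 at run time, no getrandom in the build headers),
 * 0 when it does not, -1 when the release string cannot be parsed. */
int matches_reported_failure(const char *rel, int headers_have_getrandom)
{
    int major, minor;

    if (parse_release(rel, &major, &minor) != 0)
        return -1;
    int kernel_ge_4_8 = major > 4 || (major == 4 && minor >= 8);
    return (kernel_ge_4_8 && !headers_have_getrandom) ? 1 : 0;
}

/* Evaluate the host this program was compiled and run on. */
int check_this_host(void)
{
    struct utsname u;

    if (uname(&u) != 0)
        return -1;
    return matches_reported_failure(u.release, HEADERS_HAVE_GETRANDOM);
}

int main(void)
{
    int r = check_this_host();

    printf("headers define SYS_getrandom: %d\n", HEADERS_HAVE_GETRANDOM);
    printf("matches reported combination: %d\n", r);
    return r == 1 ? 1 : 0;
}
```

The compile-time half only reflects the headers the program itself was built against, so it has to be compiled with the same toolchain and headers as the native openssl being diagnosed.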