From: "Adrian Bunk" <bunk@stusta.de>
To: Richard Purdie <richard.purdie@linuxfoundation.org>
Cc: takondra@cisco.com, Alexander Kanavin <alex.kanavin@gmail.com>,
Khem Raj <raj.khem@gmail.com>,
xe-linux-external@cisco.com,
OE-core <openembedded-core@lists.openembedded.org>
Subject: Re: [OE-core] [PATCH] openssl: add rdcpu to rand-seed
Date: Sat, 11 Jul 2020 01:13:32 +0300
Message-ID: <20200710221332.GA27369@localhost>
In-Reply-To: <3d63c868f4e94dee8c7ee05a3afa0f0620f98a15.camel@linuxfoundation.org>

On Fri, Jul 10, 2020 at 09:21:26PM +0100, Richard Purdie wrote:
> On Fri, 2020-07-10 at 12:39 -0700, Taras Kondratiuk via lists.openembedded.org wrote:
> > Native[sdk] openssl fails to initialize RNG on systems where native[sdk]
> > glibc is built against pre-3.17 linux-libc-headers, but runs on 4.8+
> > kernel:
> > 140737348333184:error:2406C06E:random number generator:RAND_DRBG_instantiate:error retrieving entropy:../openssl-1.1.1g/crypto/rand/drbg_lib.c:342
> >
> > Commit 3ff98f558157 ("Start up DEVRANDOM entropy improvement for older
> > Linux devices.") in OpenSSL 1.1.1d has effectively disabled devrandom
> > seed source for kernels >=4.8. The assumption is that getrandom(2) will
> > be used instead. Getrandom syscall was added in kernel 3.17 by commit
> > c6e9d6f38894 ("random: introduce getrandom(2) system call"). So on a
> > system with 4.8+ kernel and pre-3.17 libc headers both getrandom and
> > devrandom can't be used.
>
> Where would we find a system where we're building with pre-3.17 libc
> headers?
>
> We updated to 3.17 in 2014:
>...

Native uses the host one.

In Yocto >= 3.1 old host distributions have to use the
buildtools-extended tarball for unrelated reasons,
which should fix this problem.

Building Yocto <= 3.0 on Debian 8 (3.16 userspace headers) running the
optional kernel 4.9 would match the reported problem.

Or building Yocto <= 3.0 in a chroot with an older distribution
on a system running a more recent kernel.

> Cheers,
>
> Richard

cu
Adrian
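
A host check for the combination discussed in this thread, as an added example that is not part of the original message or of the OE-core patch: it reports whether the headers it is compiled against lack getrandom(2) while the running kernel is 4.8 or newer. The function names are hypothetical, and it assumes that a missing SYS_getrandom definition means pre-3.17 userspace headers.

```c
/* Added example (not from the thread): detect old headers on a new kernel. */
#include <stdio.h>
#include <sys/syscall.h>   /* defines SYS_getrandom when headers are >= 3.17 */
#include <sys/utsname.h>

/* 1 if the headers this file was compiled against know getrandom(2). */
int headers_have_getrandom(void)
{
#ifdef SYS_getrandom
    return 1;
#else
    return 0;
#endif
}

/* Parse a release string such as "4.9.0-13-amd64"; returns 0 on success. */
int parse_release(const char *rel, int *kmaj, int *kmin)
{
    return sscanf(rel, "%d.%d", kmaj, kmin) == 2 ? 0 : -1;
}

/* 1 when the host matches the report: no getrandom at build time
 * and a running kernel >= 4.8. */
int matches_report(int have_getrandom, int kmaj, int kmin)
{
    int kernel_ge_4_8 = kmaj > 4 || (kmaj == 4 && kmin >= 8);
    return !have_getrandom && kernel_ge_4_8;
}

int main(void)
{
    struct utsname u;
    int kmaj, kmin;

    if (uname(&u) != 0 || parse_release(u.release, &kmaj, &kmin) != 0) {
        fprintf(stderr, "cannot determine running kernel version\n");
        return 2;
    }
    int have = headers_have_getrandom();
    printf("build headers define SYS_getrandom: %s\n", have ? "yes" : "no");
    printf("running kernel: %d.%d\n", kmaj, kmin);
    if (matches_report(have, kmaj, kmin)) {
        printf("host matches the reported header/kernel combination\n");
        return 1;
    }
    printf("host does not match the reported combination\n");
    return 0;
}
```

Compile it with the same host compiler and headers that build the native recipes (including inside a chroot, if one is used), since the result depends on those headers rather than on the running system alone.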