On Fri, Sep 20, 2019 at 03:13:44PM +0200, Andrey Zhizhikin wrote: > Hello Raj, > > On Tue, Sep 17, 2019 at 8:50 PM Khem Raj <[email protected]> wrote: > > > > with openSSL 1.1.1d we start seeing errors like > > > > Error Generating Key > > 139979727451584:error:2406C06E:random number > > generator:RAND_DRBG_instantiate:error retrieving > > entropy:../openssl-1.1.1d/crypto/rand/drbg_lib.c:342: > > > > when using openssl from openssl-native on build hosts, this is due to > > limiting the random seed to devrandom, to support older hosts, since the > > option allows to have a comma separated list of methods to try, we can > > try the default first and if that fails then fallback to devrandom, this > > will ensure that it keeps working with build systems which dont support > > getrandom() > > > > Signed-off-by: Khem Raj <[email protected]> > > Cc: Adrian Bunk <[email protected]> > > Cc: Alexander Kanavin <[email protected]> > > --- > > Just as a test report for this patch: > > I've tested this patch on the HW (i.MX8M Mini EVK) and unfortunately > my sshd given up with a message: PRNG is not seeded > > Reverting commits (effectively rolling back to openssl 1.1.1c) made > sshd operable again.: > 53b5654d6e openssl: Enable os option for with-rand-seed as well > 2c6b9b918c openssl: Upgrade 1.1.1c -> 1.1.1d
Do you have rng-tools on the image? That helped me with the kernel random pool initialization for sshd in iMX8 and openssl 1.1.1x. I don't see how 53b5654d6e could change this behavior for target openssl. 2c6b9b918c could change the behavior and would be suprise. Maybe also target recipe needs --with-rand-seed=os,devrandom on iMX8 or similar platforms. -Mikko -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
