Hello Raj, On Tue, Sep 17, 2019 at 8:50 PM Khem Raj <raj.k...@gmail.com> wrote: > > with openSSL 1.1.1d we start seeing errors like > > Error Generating Key > 139979727451584:error:2406C06E:random number > generator:RAND_DRBG_instantiate:error retrieving > entropy:../openssl-1.1.1d/crypto/rand/drbg_lib.c:342: > > when using openssl from openssl-native on build hosts, this is due to > limiting the random seed to devrandom, to support older hosts, since the > option allows to have a comma separated list of methods to try, we can > try the default first and if that fails then fallback to devrandom, this > will ensure that it keeps working with build systems which dont support > getrandom() > > Signed-off-by: Khem Raj <raj.k...@gmail.com> > Cc: Adrian Bunk <b...@stusta.de> > Cc: Alexander Kanavin <alex.kana...@gmail.com> > ---
Just as a test report for this patch: I've tested this patch on the HW (i.MX8M Mini EVK) and unfortunately my sshd given up with a message: PRNG is not seeded Reverting commits (effectively rolling back to openssl 1.1.1c) made sshd operable again.: 53b5654d6e openssl: Enable os option for with-rand-seed as well 2c6b9b918c openssl: Upgrade 1.1.1c -> 1.1.1d I'm not sure whether this is related to the Kernel used in i.MX8M Mini series or the openssl version used... I'd try to use a different HW to verify this patch further (perhaps Altera CV) to see if the sshd is broken there as well. -- andrey -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core