unsubscribe Get Outlook for iOS<https://aka.ms/o0ukef> ________________________________ From: openssl-users <openssl-users-boun...@openssl.org> on behalf of Dr Paul Dale <pa...@openssl.org> Sent: Wednesday, November 10, 2021 2:20:03 PM To: openssl-users@openssl.org <openssl-users@openssl.org> Subject: Re: OpenSSL-3.+ how to configure [random]?
I'm pretty sure the underlying problem is that there is a call to RAND_set_rand_method() or RAND_set_rand_engine() occurring (likely the latter). These completely replace the built in RNG infrastructure with the RAND_METHOD/engine. If the engine then fails to produce output for any reason, the observed results will present. Adding the RDRAND engine again replaces the RAND_METHOD and things begin working. I've no idea why the PKCS#11 engine has stopped working with 3.0. It wasn't meant to. Pauli On 11/11/21 1:36 am, Blumenthal, Uri - 0553 - MITLL wrote: > Yes, it's related to > https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fopenssl%2Fopenssl%2Fissues%2F16996&data=04%7C01%7Cmatthew%40tannerpress.net%7Cf22a5656a34f49cfa6da08d9a4878292%7Cc1577ca58fb24073b18afcfb3e42f771%7C0%7C0%7C637721724221925626%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C5000&sdata=HhqKToNElQMiY5zqwP79XUmbHU5yNYLbFhUr3LwjV3s%3D&reserved=0, > and yes - the same solution worked. > > There's something wrong with how PKCS#11 engine deals with (or presents > itself as) rand provider. > In any case, removing PKCS#11 engine from the [engines] section alleviated > this problem. > > Thanks! > > P.S. I configured rand seed sources the standard way: > "--with-rand-seed=rdcpu,os", as I think everybody does.