[Pkg-openssl-devel] Bug#689490: openssl: using openssl from maintainer scripts creates /root/.rnd

Kurt Roeckx kurt at roeckx.be
Thu May 26 21:50:13 UTC 2016


On Thu, May 26, 2016 at 11:30:50PM +0200, Sebastian Andrzej Siewior wrote:
> On 2016-05-26 23:11:13 [+0200], Kurt Roeckx wrote:
> > > So do we feel like changing something or sitting that one out until post new
> > > RNG code? I *guess* a patch to allow using /dev/urandom instead of .rnd will
> > > be deferred until the new RNG is there.
> > 
> > I guess I didn't look close enough to how it works now, but it
> > should also use /dev/urandom.
> 
> It looks at an environment variable first. If that one is not there it goes for
> $HOME/.rnd unless setuid. If $HOME is missing it will go for /dev/srandom and
> something else on OpenBSD (this is replay from memory).

Doing a strace of genrsa, I see:
stat("/home/kurt/.rnd", {st_mode=S_IFREG|0600, st_size=1024, ...}) = 0
open("/home/kurt/.rnd", O_RDONLY)       = 5
fstat(5, {st_mode=S_IFREG|0600, st_size=1024, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcb33dce000
read(5, [...], 4096) = 1024
read(5, "", 4096)                       = 0
close(5)                                = 0
munmap(0x7fcb33dce000, 4096)            = 0
write(2, "Generating RSA private key, 2048"..., 50Generating RSA private key, 2048 bit long modulus
) = 50
getpid()                                = 6945
open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 5
fstat(5, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
poll([{fd=5, events=POLLIN}], 1, 10)    = 1 ([{fd=5, revents=POLLIN}])
read(5, [...], 32) = 32
close(5)                                = 0


As far as I understand rand_bytes() will always call RAND_poll() at
least once, so everything requesting random bytes should get that.
However the apps also do something with a .rnd file and both are mixed in.


Kurt
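
The per-source byte counts in the strace above can be tallied mechanically. The following is an added example, not part of the original message or of OpenSSL: a small Python parser that maps each file descriptor to the path it was opened on and sums the bytes read. The function names are hypothetical, and the embedded trace is the open/read/close lines from the message.

```python
import re
from collections import defaultdict

# open/read/close lines copied from the strace in the message above;
# read buffers are elided as "[...]" exactly as they are there.
TRACE = '''\
stat("/home/kurt/.rnd", {st_mode=S_IFREG|0600, st_size=1024, ...}) = 0
open("/home/kurt/.rnd", O_RDONLY)       = 5
read(5, [...], 4096) = 1024
read(5, "", 4096)                       = 0
close(5)                                = 0
open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 5
read(5, [...], 32) = 32
close(5)                                = 0
'''

OPEN_RE = re.compile(r'^open(?:at)?\((?:AT_FDCWD, )?"([^"]+)", [^)]*\)\s*= (-?\d+)')
READ_RE = re.compile(r'^read\((\d+), .*\)\s*= (-?\d+)')
CLOSE_RE = re.compile(r'^close\((\d+)\)\s*= 0')

def seed_sources(trace):
    """Return {path: bytes_read} for every file read in an strace log.

    Descriptors are reused (fd 5 is first .rnd, then /dev/urandom), so the
    fd -> path map is updated on every successful open and close.
    """
    fd_path = {}
    totals = defaultdict(int)
    for line in trace.splitlines():
        line = line.strip()
        if m := OPEN_RE.match(line):
            fd = int(m.group(2))
            if fd >= 0:                      # failed opens return -1
                fd_path[fd] = m.group(1)
        elif m := READ_RE.match(line):
            fd, n = int(m.group(1)), int(m.group(2))
            if fd in fd_path and n > 0:      # skip EOF and failed reads
                totals[fd_path[fd]] += n
        elif m := CLOSE_RE.match(line):
            fd_path.pop(int(m.group(1)), None)
    return dict(totals)

def reads_seed_file(trace):
    """True if a file named .rnd contributed bytes in this trace."""
    return any(p.endswith("/.rnd") for p in seed_sources(trace))
```

Run over a trace captured from a maintainer script, `reads_seed_file` flags the case this bug is about: an `openssl` invocation that touches `.rnd` in the invoking user's home directory.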


