[Pkg-openssl-devel] Bug#922732: Bug#922732: openssl: ~/.rnd (RANDFILE) ignored
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Wed Apr 15 07:44:11 BST 2020
On 2020-04-14 21:54:27 [+0000], Thorsten Glaser wrote:
> Sebastian Andrzej Siewior dixit:
>
> I’d expect the content of the file to be mixed in at startup
> and updated from the OpenSSL-internal pool, like in earlier
> versions.
No, this is mostly gone as part of the rewrite of the RNG. From the
documentation:
| OpenSSL 1.1.1 introduced a new random generator (CSPRNG) with an improved
| seeding mechanism. The new seeding mechanism makes it unnecessary to
| define a RANDFILE for saving and restoring randomness. This option is
| retained mainly for compatibility reasons.
The RANDFILE is gone from the default configuration (as shipped with the
openssl package). If you add it manually, only a few commands, like
`openssl ca', will continue to read and write that file. `openssl rand'
is not one of them.
> bye,
> //mirabilos
Sebastian