[Pkg-openssl-devel] Bug#990228: Bug#990228: openssl: breaks ssl-cert installation: 8022CB35777F0000:error:1200007A:random number generator:RAND_write_file:Not a regular file:../crypto/rand/randfile.c:190:Filename=/dev/urandom
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Wed Jun 23 20:05:03 BST 2021
On 2021-06-23 14:46:37 [+0200], Andreas Beckmann wrote:
> Writing new private key to '/etc/ssl/private/ssl-cert-snakeoil.key'
> -----
> Warning: No -copy_extensions given; ignoring any extensions in the request
> Cannot write random bytes:
> 8022CB35777F0000:error:1200007A:random number generator:RAND_write_file:Not a regular file:../crypto/rand/randfile.c:190:Filename=/dev/urandom
…
> Hmm, well, yes, /dev/urandom is not a regular file. It's a character device node.
This is from
    -config $file
->
    RANDFILE = /dev/urandom
The rejection of file nodes is new in the 3.0.0 release.
In the past openssl used to have its .rnd where it kept track of a
random state. So it read the RANDFILE to seed and wrote it back to avoid
having the state on the next invocation.
This is gone since 1.1.0 (I think) and openssl uses getrandom() to
initialize its random generator. It is no longer needed to specify
/dev/urandom as RANDFILE to seed it initially.
In this case it will read urandom and use additionally getrandom() and
both provide pseudo-random data from exactly the same pool. And then
after the operation, openssl will write it back…
I would argue to remove RANDFILE from the template. On the other hand
there is nothing wrong with writing it back to a device node file.
Kurt?
>
> cheers,
>
> Andreas
Sebastian
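
A check for the situation discussed in this message, as an added example that is not from the thread or from the ssl-cert or openssl packages: it lists RANDFILE entries in an OpenSSL config file that name an existing non-regular file, the condition reported in the quoted error. The function name, output format and sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag RANDFILE entries in an OpenSSL config that point at an
# existing non-regular file (device node, directory, FIFO, ...).
# Output: one line per finding, "<config>:<line>:<target>:<kind>".
randfile_issues() {
    conf=$1
    # Emit "lineno<TAB>value" for every uncommented RANDFILE assignment.
    awk '
        { sub(/[ \t]*#.*$/, "") }                 # drop comments
        /^[ \t]*RANDFILE[ \t]*=/ {
            val = $0
            sub(/^[ \t]*RANDFILE[ \t]*=[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            if (val != "") printf "%d\t%s\n", NR, val
        }' "$conf" |
    while IFS="$(printf '\t')" read -r lineno target; do
        case $target in
            # Values such as $ENV::HOME/.rnd are not expanded here;
            # report them so they can be checked by hand.
            *'$'*) echo "$conf:$lineno:$target:unresolved-variable"
                   continue ;;
        esac
        # [ -f ] follows symlinks, so a link to a device is flagged too.
        if [ -e "$target" ] && [ ! -f "$target" ]; then
            if   [ -c "$target" ]; then kind=char-device
            elif [ -d "$target" ]; then kind=directory
            elif [ -p "$target" ]; then kind=fifo
            else kind=other-non-regular
            fi
            echo "$conf:$lineno:$target:$kind"
        fi
    done
}

# Constructed sample config, modelled on the RANDFILE line quoted above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not the ssl-cert template itself
RANDFILE = /dev/urandom
[ req ]
default_bits = 2048
#RANDFILE = /dev/random
EOF
randfile_issues "$sample"   # -> <sample>:2:/dev/urandom:char-device
rm -f "$sample"
```
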