[Pkg-openssl-devel] Bug#990228: Bug#990228: Bug#990228: openssl: breaks ssl-cert installation: 8022CB35777F0000:error:1200007A:random number generator:RAND_write_file:Not a regular file:../crypto/rand/randfile.c:190:Filename=/dev/urandom

Kurt Roeckx kurt at roeckx.be
Wed Jun 23 23:20:45 BST 2021


On Wed, Jun 23, 2021 at 09:05:03PM +0200, Sebastian Andrzej Siewior wrote:
> On 2021-06-23 14:46:37 [+0200], Andreas Beckmann wrote:
> >   Writing new private key to '/etc/ssl/private/ssl-cert-snakeoil.key'
> >   -----
> >   Warning: No -copy_extensions given; ignoring any extensions in the request
> >   Cannot write random bytes:
> >   8022CB35777F0000:error:1200007A:random number generator:RAND_write_file:Not a regular file:../crypto/rand/randfile.c:190:Filename=/dev/urandom
> Hmm, well, yes, /dev/urandom is not a regular file. It's a character device node.
> 
> This is from
>   -config $file
> ->
>  RANDFILE                = /dev/urandom
> 
> The reject of file nodes is new in the 3.0.0 release.
> In the past openssl used to have its .rnd where it kept track of a
> random state. So it read the RANDFILE to seed and wrote it back to avoid
> having the state on the next invocation.
> This is gone since 1.1.0 (I think) and openssl uses getrandom() to
> initialize its random generator. It is no longer needed to specify
> /dev/urandom as RANDFILE to seed it initially.
> In this case it will read urandom and use additionally getrandom() and
> both provide pseudo-random data from exactly the same pool. And then
> after the operation, openssl will write it back…
> 
> I would argue to remove RANDFILE from the template. On the other hand
> there is nothing wrong with writing it back to a device node file.
> 
> Kurt?

From the manpage:
   Random State Options

   Prior to OpenSSL 1.1.1, it was common for applications to store
   information about the state of the random-number generator in a
   file that was loaded at startup and rewritten upon exit. On
   modern operating systems, this is generally no longer necessary
   as OpenSSL will seed itself from a trusted entropy source
   provided by the operating system. These flags are still supported
   for special platforms or circumstances that might require them.

Reading something from /dev/urandom and then writing it back to it
doesn't make sense to me.

The expected behaviour is that you can read back the file you've
written, which clearly is not what /dev/urandom does.

If you need to save the file, you actually want a file that's still
there after a reboot.

I would recommend just removing the option from the config file.

That being said, the manpage seems to indicate that a non-regular
file should also be supported for reading, but it's unclear if
that also applies to writing, and I would assume it does, so this also
looks like a bug in OpenSSL.


Kurt
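The thread's practical advice is to find RANDFILE entries that point at something other than a regular file and drop them from the template. The script below is an added example, not code from this thread, from the Debian ssl-cert package or from OpenSSL: it scans an openssl.cnf fragment for RANDFILE keys, classifies what each path refers to, and produces the config with the option removed. The config parsing is a deliberate simplification of openssl.cnf syntax (no variable expansion or include handling), the sample config is constructed, and the file-type check only approximates the "regular file" test that the error message shows RAND_write_file performing.

```python
import os
import stat

# Constructed sample of an openssl.cnf fragment; the RANDFILE line mirrors
# the one quoted in the bug report, the other keys are filler (assumption).
SAMPLE_CONFIG = """\
# constructed test input
[ req ]
default_bits            = 2048
RANDFILE                = /dev/urandom   # seed file (obsolete since 1.1.1)
distinguished_name      = req_distinguished_name

[ req_distinguished_name ]
commonName              = Common Name (e.g. server FQDN)
"""


def find_randfile_entries(config_text):
    """Return (section, path) for every RANDFILE key in an INI-style config.

    Keys before the first section header are reported with section ''.
    Trailing '#' comments are stripped before parsing. This is a simplified
    reading of openssl.cnf syntax (assumption): no $var expansion, no .include.
    """
    entries = []
    section = ""
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        if "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "RANDFILE":
                entries.append((section, value))
    return entries


def classify_mode(st_mode):
    """Name the file type encoded in an st_mode value.

    Only 'regular' is what a seed file is meant to be; a character device
    such as /dev/urandom is what triggered the "Not a regular file" error.
    """
    if stat.S_ISREG(st_mode):
        return "regular"
    if stat.S_ISCHR(st_mode):
        return "character device"
    if stat.S_ISDIR(st_mode):
        return "directory"
    if stat.S_ISFIFO(st_mode):
        return "fifo"
    if stat.S_ISSOCK(st_mode):
        return "socket"
    return "other"


def check_randfile(path):
    """Return 'missing', 'ok' or 'bad:<type>' for one RANDFILE path.

    Symlinks are followed (os.stat) because the seed file is opened by path.
    A missing file is reported separately: a seed file that does not exist
    yet is the normal case for a first run, not a misconfiguration.
    """
    try:
        st_mode = os.stat(path).st_mode
    except FileNotFoundError:
        return "missing"
    kind = classify_mode(st_mode)
    return "ok" if kind == "regular" else "bad:" + kind


def remove_randfile(config_text):
    """Return the config with every RANDFILE line dropped (the recommended fix)."""
    kept = []
    for raw in config_text.splitlines():
        stripped = raw.split("#", 1)[0].strip()
        rest = stripped[len("RANDFILE"):].lstrip()
        if stripped.startswith("RANDFILE") and rest.startswith("="):
            continue
        kept.append(raw)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    # On a Linux host /dev/urandom is reported as "bad:character device".
    for section, path in find_randfile_entries(SAMPLE_CONFIG):
        print(f"[{section}] RANDFILE = {path}: {check_randfile(path)}")
    print(remove_randfile(SAMPLE_CONFIG))
```

Running the script against a real template is a matter of reading the file into `find_randfile_entries`; the `remove_randfile` output is what the thread proposes shipping, since on a system with getrandom() the RANDFILE option contributes nothing to seeding.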