[Pkg-openssl-devel] Bug#990228: Bug#990228: Bug#990228: Bug#990228: openssl: breaks ssl-cert installation: 8022CB35777F0000:error:1200007A:random number generator:RAND_write_file:Not a regular file:../crypto/rand/randfile.c:190:Filename=/dev/urandom

Kurt Roeckx kurt at roeckx.be
Wed Jun 23 23:41:15 BST 2021


On Thu, Jun 24, 2021 at 12:20:45AM +0200, Kurt Roeckx wrote:
> 
> From the manpage:
>    Random State Options
> 
>    Prior to OpenSSL 1.1.1, it was common for applications to store
>    information about the state of the random-number generator in a
>    file that was loaded at startup and rewritten upon exit. On
>    modern operating systems, this is generally no longer necessary
>    as OpenSSL will seed itself from a trusted entropy source
>    provided by the operating system. These flags are still supported
>    for special platforms or circumstances that might require them.
> 
> Reading something from /dev/urandom and then writing it back to it
> doesn't make sense to me.
> 
> The expected behaviour is that you can read back the file you've
> written, which clearly is not what /dev/urandom does.
> 
> If you need to save the file, you actually want a file that's still
> there after a reboot.
> 
> I would recommend to just remove the option from the config file.
> 
> That being said, the manpage seems to indicate that a non-regular
> file should also be supported for reading, but it's unclear if
> that also applies to writing, and would assume it is, so this also
> looks like a bug in OpenSSL.

The reason for the check that it's not a regular file is that you
actually want to be able to delete its content, so that you're sure
it's not reused. But OpenSSL APIs for actually properly
implementing it aren't that great to start with.


Kurt
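
Added example, not part of the original message and not OpenSSL or Debian code: a small audit that finds seed-file settings in an OpenSSL config and reports whether each target is a regular file, which is the condition the RAND_write_file error in the subject line complains about. It assumes the config option discussed is the `RANDFILE` key; the function names and the sample config are constructed for illustration.

```python
import os
import re
import stat

# "RANDFILE = value" in openssl.cnf syntax; '#' starts a comment.
# Assumption: RANDFILE is the config option this thread refers to.
_ASSIGN = re.compile(r"^\s*RANDFILE\s*=\s*(?P<value>[^#]*?)\s*(?:#.*)?$")
_ENVREF = re.compile(r"\$\{?ENV::(\w+)\}?")


def expand_env(value, env):
    """Expand $ENV::NAME and ${ENV::NAME} references used in openssl.cnf."""
    return _ENVREF.sub(lambda m: env.get(m.group(1), ""), value)


def classify(path):
    """Return 'regular', 'not-regular' or 'missing' for a seed-file path."""
    try:
        mode = os.stat(path).st_mode
    except (FileNotFoundError, NotADirectoryError):
        return "missing"  # a missing file can still be created on write
    return "regular" if stat.S_ISREG(mode) else "not-regular"


def audit_randfile(config_text, env=None):
    """Return (line number, expanded path, classification) per RANDFILE line."""
    env = os.environ if env is None else env
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = _ASSIGN.match(line)
        if m:
            path = expand_env(m.group("value"), env)
            findings.append((lineno, path, classify(path)))
    return findings


if __name__ == "__main__":
    # Constructed sample config reproducing the setting from the bug report.
    sample = "[ req ]\nRANDFILE = /dev/urandom\ndefault_bits = 2048\n"
    for lineno, path, kind in audit_randfile(sample):
        note = "remove this option" if kind == "not-regular" else "ok"
        print(f"line {lineno}: {path} is {kind} ({note})")
```

A `not-regular` result marks a setting to remove from the config file, as the message recommends.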


