1. Forum
  2. Usenet
  3. COMP.SYS.TANDEM

  • OpenSSL 1.1.1 on NSX

    From Peter Collins@21:1/5 to All on Mon Apr 4 18:46:14 2022
    Hi All,

    I've downloaded and installed this version (above) from iTuglib.

    After setting the LIB location as suggested Openssl starts up ... but any operation requiring random numbers fails with entropy issues etc.:

    OpenSSL> version -a
    OpenSSL 1.1.1n 15 Mar 2022
    built on: Wed Mar 16 02:20:50 2022 UTC
    platform: nonstop-nsx
    options: bn(32,32) rc4(int) des(long) idea(int) blowfish(ptr)
    compiler: c99 -Wverbose -I/usr/local/include -g -O2 -Wextensions -Wnowarn=203,220,272,734,770,1506 -Wbuild_neutral_library -Wverbose -I/usr/local/include -DOPENSSL_PIC -DOPENSSL_VPROC= -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -DB_ENDIAN -DOPENSSL_
    SYSNAME_TANDEM -DOPENSSL_TANDEM_FLOSS -DNDEBUG
    OPENSSLDIR: "/usr/local-ssl1.1/ssl"
    ENGINESDIR: "/usr/local-ssl1.1/lib/engines-1.1"
    Seeding source: EGD ( "/var/run/egd-pool" "/dev/egd-pool" "/etc/egd-pool" "/etc/entropy" )


    For example:

    OpenSSL> rand 10
    0:error:2406C06E:random number generator:RAND_DRBG_instantiate:error retrieving entropy:/home/ituglib/randall/jenkins/.jenkins/workspace/OpenSSL-1.1_Pipeline/crypto/rand/drbg_lib.c:335:
    0:error:2406C06E:random number generator:RAND_DRBG_instantiate:error retrieving entropy:/home/ituglib/randall/jenkins/.jenkins/workspace/OpenSSL-1.1_Pipeline/crypto/rand/drbg_lib.c:335:
    0:error:2406B072:random number generator:RAND_DRBG_generate:in error state:/home/ituglib/randall/jenkins/.jenkins/workspace/OpenSSL-1.1_Pipeline/crypto/rand/drbg_lib.c:588:
    0:error:2406C06E:random number generator:RAND_DRBG_instantiate:error retrieving entropy:/home/ituglib/randall/jenkins/.jenkins/workspace/OpenSSL-1.1_Pipeline/crypto/rand/drbg_lib.c:335:
    etc.
    Any ideas anyone?

    Regards,

    Peter Collins

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Randall@21:1/5 to Peter Collins on Tue Apr 5 12:12:43 2022
    On Monday, April 4, 2022 at 9:46:15 p.m. UTC-4, Peter Collins wrote:
    Hi All,

    I've downloaded and installed this version (above) from iTuglib.

    After setting the LIB location as suggested Openssl starts up ... but any operation requiring random numbers fails with entropy issues etc.:

    OpenSSL> version -a
    OpenSSL 1.1.1n 15 Mar 2022
    built on: Wed Mar 16 02:20:50 2022 UTC
    platform: nonstop-nsx
    options: bn(32,32) rc4(int) des(long) idea(int) blowfish(ptr)
    compiler: c99 -Wverbose -I/usr/local/include -g -O2 -Wextensions -Wnowarn=203,220,272,734,770,1506 -Wbuild_neutral_library -Wverbose -I/usr/local/include -DOPENSSL_PIC -DOPENSSL_VPROC= -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -DB_ENDIAN -DOPENSSL_
    SYSNAME_TANDEM -DOPENSSL_TANDEM_FLOSS -DNDEBUG
    OPENSSLDIR: "/usr/local-ssl1.1/ssl"
    ENGINESDIR: "/usr/local-ssl1.1/lib/engines-1.1"
    Seeding source: EGD ( "/var/run/egd-pool" "/dev/egd-pool" "/etc/egd-pool" "/etc/entropy" )


    For example:

    OpenSSL> rand 10
    0:error:2406C06E:random number generator:RAND_DRBG_instantiate:error retrieving entropy:/home/ituglib/randall/jenkins/.jenkins/workspace/OpenSSL-1.1_Pipeline/crypto/rand/drbg_lib.c:335:
    0:error:2406C06E:random number generator:RAND_DRBG_instantiate:error retrieving entropy:/home/ituglib/randall/jenkins/.jenkins/workspace/OpenSSL-1.1_Pipeline/crypto/rand/drbg_lib.c:335:
    0:error:2406B072:random number generator:RAND_DRBG_generate:in error state:/home/ituglib/randall/jenkins/.jenkins/workspace/OpenSSL-1.1_Pipeline/crypto/rand/drbg_lib.c:588:
    0:error:2406C06E:random number generator:RAND_DRBG_instantiate:error retrieving entropy:/home/ituglib/randall/jenkins/.jenkins/workspace/OpenSSL-1.1_Pipeline/crypto/rand/drbg_lib.c:335:
    etc.
    Any ideas anyone?

    Regards,

    Peter Collins

    Please see my other response. You need to run PRNGD (from coreutils) for OpenSSL 1.x. This has not changed from prior OpenSSL releases. At OpenSSL 3.x, the x86 hardware randomizer is used, so you don't need PRNGD anymore. The command to start PRNGD is:

    /usr/coreutils/sbin/prngd -f /etc/egd-pool tcp/localhost:708

    Which you should make as a kernel managed process. The good thing is that PRNGD is part of CoreUtils T1202, so is supported by GNSC.

    Good luck,
    Randall

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)