diff options
| author | Khem Raj <raj.khem@gmail.com> | 2020-01-17 18:58:17 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-01-28 11:15:02 +0000 |
| commit | cd1d971e25cf882054396ea558b1faa6a8a00c02 (patch) | |
| tree | 3c3a47c1a092c087485d783d9cd8b2692fb49e5f | |
| parent | f664bebdbc7bdfc6167dd7a9b370475aa54053c3 (diff) | |
| download | poky-cd1d971e25cf882054396ea558b1faa6a8a00c02.tar.gz | |
openssl: Enable os option for with-rand-seed as well
with openSSL 1.1.1d we start seeing errors like
Error Generating Key
139979727451584:error:2406C06E:random number generator:RAND_DRBG_instantiate:error retrieving entropy:../openssl-1.1.1d/crypto/rand/drbg_lib.c:342:
when using openssl from openssl-native on build hosts, this is due to
limiting the random seed to devrandom, to support older hosts, since the
option allows to have a comma separated list of methods to try, we can
try the default first and if that fails then fallback to devrandom, this
will ensure that it keeps working with build systems which dont support
getrandom()
(From OE-Core rev: b9fb2913c72ec771e4da2931528f6f5425c14913)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-connectivity/openssl/openssl_1.1.1d.bb | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb index b00624650a..0e65f333e2 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb | |||
| @@ -42,10 +42,10 @@ do_configure[cleandirs] = "${B}" | |||
| 42 | EXTRA_OECONF_append_libc-musl = " no-async" | 42 | EXTRA_OECONF_append_libc-musl = " no-async" |
| 43 | EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm" | 43 | EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm" |
| 44 | 44 | ||
| 45 | # This prevents openssl from using getrandom() which is not available on older glibc versions | 45 | # adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions |
| 46 | # (native versions can be built with newer glibc, but then relocated onto a system with older glibc) | 46 | # (native versions can be built with newer glibc, but then relocated onto a system with older glibc) |
| 47 | EXTRA_OECONF_class-native = "--with-rand-seed=devrandom" | 47 | EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom" |
| 48 | EXTRA_OECONF_class-nativesdk = "--with-rand-seed=devrandom" | 48 | EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom" |
| 49 | 49 | ||
| 50 | # Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate. | 50 | # Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate. |
| 51 | CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" | 51 | CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin" |