-
Notifications
You must be signed in to change notification settings - Fork 267
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
LibreSSL 3.7.x dossn't implment 'openssl genrsa -rand' #839
Comments
This option was neutered in the very early days of the fork and removed a couple of months later, nearly 9 years ago. Did gentoo add use of this only recently? That would seem odd... Implementing Here's a diff you can use if you want: --- apps/openssl/genrsa.c.orig
+++ apps/openssl/genrsa.c
@@ -90,6 +90,7 @@ static struct {
unsigned long f4;
char *outfile;
char *passargout;
+ char *rand_dummy;
} cfg;
static int
@@ -251,6 +252,11 @@ static const struct option genrsa_option
.desc = "Output file passphrase source",
.type = OPTION_ARG,
.opt.arg = &cfg.passargout,
+ },
+ {
+ .name = "rand",
+ .type = OPTION_ARG,
+ .opt.arg = &cfg.rand_dummy,
},
{ NULL },
}; |
The patch does work for me and is very helpful, thanks! Given the background I imagine adding it back might not be the best idea, although I wonder if any build systems depend on this?
Seems not, it was part of the Github initial commit for Gentoo. Then LibreSSl support was added. And then removed... Its not a fatal error so it seems it was overlooked before. Since patching it in the Gentoo overlay is good enough for me I will close this. |
Gentoo uses 'openssl genrsa -rand' in ssl-cert.eclass, but LibreSSL doesn't support -rand so this patch makes it a no-op for compatibility. Upstream-issue: libressl/portable#839 Signed-off-by: orbea <orbea@riseup.net>
@botovq Another user of Perhaps it might help if these were added as no-ops? |
With LibreSSL the command
openssl genrsa
doesn't support the-rand
command-line argument as does OpenSSL, but Gentoo inside the eclasses has this function.Where
$SSL_RANDOM
is:Which causes many ebuild to generate this error.
Is it possible to implement
openssl genrsa -rand
in LibreSSL? Doing so as a no-op would be adequate for my needs. Changing the eclass in the Gentoo LibreSSL overlay would be problematic.OpenSSL documents the feature:
https://www.openssl.org/docs/man1.0.2/man1/genrsa.html
The text was updated successfully, but these errors were encountered: