openssl: Current master does not load RDRAND engine by default?
$ openssl3 version
OpenSSL 3.1.0-dev (Library: OpenSSL 3.1.0-dev )
$ openssl rand -hex 16
$ openssl rand -engine rdrand -hex 16
Engine "rdrand" set.
ac91a3fbbfda96c49b82316d3b6a301d
$
OpenSSL-1.1.1 seemed to have no problem finding RDRAND engine:
$ openssl11 version
OpenSSL 1.1.1l 24 Aug 2021
$ openssl11 rand -hex 16
1ddc8ecf8b358bd899744a35c2796d86
$
Needless to say, I want/need RDRAND engine to be loaded by default (in 3.+). What do I need to do with openssl.cnf to get it?
About this issue
- Original URL
- State: closed
- Created 3 years ago
- Comments: 23 (23 by maintainers)
Removing that binding alleviated the problem.
Be careful if using rand from card if card used for login. That might lead an attack on your system.
On Tue, Nov 9, 2021, 10:36 PM Pauli @.***> wrote:
Phew! This makes some kind of sense.
I’m guessing the PKCS#11 engine is installing a default randomness source. This will override the built-in sources. I’d not even considered this possibility. Good sleuthing.
Adding the command line option will add the rdrand source over the top.