prng_init() is failing in 5.24 when cross-compiling with openssl due to a combination of two reasons:

1. The --with-random configure option is not supported when cross-compiling.
2. The hardcoded /dev/urandom is no longer used if OPENSSL_NO_EGD is not defined.

The following patch reverts the behaviour to how it was in 5.23, but probably the --with-random configure option should be supported too.
--- stunnel-5.25.orig/src/ssl.c +++ stunnel-5.25/src/ssl.c @@ -207,7 +207,8 @@ NOEXPORT int prng_init(GLOBAL_OPTIONS *g return 0; /* success */ } s_log(LOG_DEBUG, "RAND_screen failed to sufficiently seed PRNG"); -#elif !defined(OPENSSL_NO_EGD) +#else +#ifndef OPENSSL_NO_EGD if(global->egd_sock) { if((bytes=RAND_egd(global->egd_sock))==-1) { s_log(LOG_WARNING, "EGD Socket %s failed", global->egd_sock); @@ -220,7 +221,7 @@ NOEXPORT int prng_init(GLOBAL_OPTIONS *g so no need to check if seeded sufficiently */ } } -#else +#endif /* try the good-old default /dev/urandom, if available */ totbytes+=add_rand_file(global, "/dev/urandom"); if(RAND_status())
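
Review bot: the `#endif` added in the second hunk closes the nested `#ifndef OPENSSL_NO_EGD` opened in the first hunk, but nothing marks it as such, so the new outer `#else` depends on an `#endif` that lies outside the visible context. A trailing comment such as `#endif /* !OPENSSL_NO_EGD */` would make the pairing clear to the next reader. The fallback path also remains a hardcoded literal in `add_rand_file(global, "/dev/urandom")`, so the change restores the 5.23 behaviour without covering the --with-random case that the message itself raises.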
On 15.10.2015 06:40, Philip Craig wrote:
> prng_init() is failing in 5.24 when cross-compiling with openssl
Indeed. Thank you. I'll include the fix with the next release.
> The following patch reverts the behaviour to how it was in 5.23, but probably the --with-random configure option should be supported too.
I'll add it if there is at least one platform that requires it.
Mike