diff options
author | Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk> | 2024-07-12 22:55:14 +0200 |
---|---|---|
committer | Pauli <ppzgs1@gmail.com> | 2024-07-31 06:44:51 +0200 |
commit | f8c510cd20a43f7ac7705aca40fd38aacd5febeb (patch) | |
tree | 38be89c44f79a0b237d7956de4b7a809bc869736 /Configure | |
parent | JITTER: excercise all tests in CI with JITTER seed source under certain build... (diff) | |
download | openssl-f8c510cd20a43f7ac7705aca40fd38aacd5febeb.tar.xz openssl-f8c510cd20a43f7ac7705aca40fd38aacd5febeb.zip |
JITTER: implement error handling from jitter library
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24844)
Diffstat (limited to 'Configure')
-rwxr-xr-x | Configure | 9 |
1 files changed, 4 insertions, 5 deletions
@@ -1321,15 +1321,14 @@ if (scalar(grep { $_ eq 'none' } @seed_sources) > 0) { ============================== WARNING =============================== You have selected the --with-rand-seed=none option, which effectively -disables automatic reseeding of the OpenSSL random generator. +disables automatic reseeding of the OpenSSL SEED-SRC random generator. All operations depending on the random generator such as creating keys will not work unless the random generator is seeded manually by the application. -Alternative to manually seeding is to compile with JITTER RNG enabled, -it will be used instead of rand-seed=none. Or specify alternative -seed= provider in openssl.cnf (for example from a 3rd party entropy -provider). +Instead of manually seeding, a different random generator can be set +at runtime in openssl.cnf or configured at build time with +-DOPENSSL_DEFAULT_SEED_SRC. Please read the 'Note on random number generation' section in the INSTALL.md instructions and the RAND_DRBG(7) manual page for more |