-
Notifications
You must be signed in to change notification settings - Fork 30.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error retrieving entropy since OpenSSL 1.1.1d #31671
Comments
/cc @nodejs/platform-ppc |
Did you try the fix from that thread? http://lists.openembedded.org/pipermail/openembedded-core/2019-September/287143.html OpenSSL requires seeding from the OS, there are occaisonally problems reported on the openssl list when the OS considers itself to lack entropy. This would be interesting to see after failure:
|
Our copy of openssl is built with Can you post the output of |
@sam-github @bnoordhuis Thank you for your reply. As soon as I get access to the system I will get you the information. |
I hit the same issue on: Got around it by dropping back to nodejs prebuilt binary 12.11.1 that has openssl 1.1.1.c. I would prefer to use the prebuilt binaries since it is difficult for me to compile nodejs. Will this issue be resolved in the next binary? thanks, |
@amcintyre99 Can you try the things @sam-github and I asked? |
@bnoordhuis |
@ansteiner Can you post the full output? It's missing the part I'm interested in. Thanks. |
@sam-github: cat /proc/sys/kernel/random/entropy_avail @bnoordhuis: I got the full output now:
|
Interesting, it's neither calling getrandom() nor reading from /dev/urandom. It is however reading /etc/ssl/openssl.cnf. Can you post the contents of that file? My guess is that you have a config option in there that interferes with the CSPRNG. Also, what do |
From s390x land, I switched to 12.16.0 and it no longer fails. It was NPM -V where I was seeing the issue, but not any more. Possibily the uber Linux guys above me that I told about this issue did something. Andrew |
@bnoordhuis: ./node -p process.versions print? |
Thanks. I don't see anything obviously wrong with that config file. The RANDFILE setting shouldn't affect the CSPRNG, as far as I'm aware. You might want to open an issue with openssl. The relevant openssl APIs that node uses are:
I.e., |
Hello, We do see the same problem on SLES12SP4 leppc with nodejs V10.17.0 (SAP HANA component) and OpenSSL 1_0_0-1.0.2p-3.14.1.ppc64le . from strace: mprotect(0x2946daaa0000, 327680, PROT_READ|PROT_EXEC) = 0 Error: error:2406C06E:random number generator:RAND_DRBG_instantiate:error retrieving entropy Bye |
OpenSSL 1.1.1d does not ship with getrandom syscall being predefined on all architectures. So when NodeJS is run with glibc prior to 2.25, where getentropy is unavailable, and the getrandom syscall is unknown, it will fail. PPC64LE or s390 are affected by lack of this definition. Original commit message. commit 4dcb150ea30f9bbfa7946e6b39c30a86aca5ed02 Author: Kurt Roeckx <kurt@roeckx.be> Date: Sat Sep 28 14:59:32 2019 +0200 Add defines for __NR_getrandom for all Linux architectures Fixes: nodejs#10015 Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> GH: nodejs#10044 Fixes: nodejs#31671
OpenSSL 1.1.1d does not ship with getrandom syscall being predefined on all architectures. So when NodeJS is run with glibc prior to 2.25, where getentropy is unavailable, and the getrandom syscall is unknown, it will fail. PPC64LE or s390 are affected by lack of this definition. Original commit message. commit 4dcb150ea30f9bbfa7946e6b39c30a86aca5ed02 Author: Kurt Roeckx <kurt@roeckx.be> Date: Sat Sep 28 14:59:32 2019 +0200 Add defines for __NR_getrandom for all Linux architectures Fixes: openssl/openssl#10015 Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> GH: openssl/openssl#10044 Fixes: #31671 PR-URL: #32002 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
OpenSSL 1.1.1d does not ship with getrandom syscall being predefined on all architectures. So when NodeJS is run with glibc prior to 2.25, where getentropy is unavailable, and the getrandom syscall is unknown, it will fail. PPC64LE or s390 are affected by lack of this definition. Original commit message. commit 4dcb150ea30f9bbfa7946e6b39c30a86aca5ed02 Author: Kurt Roeckx <kurt@roeckx.be> Date: Sat Sep 28 14:59:32 2019 +0200 Add defines for __NR_getrandom for all Linux architectures Fixes: openssl/openssl#10015 Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> GH: openssl/openssl#10044 Fixes: #31671 PR-URL: #32002 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
OpenSSL 1.1.1d does not ship with getrandom syscall being predefined on all architectures. So when NodeJS is run with glibc prior to 2.25, where getentropy is unavailable, and the getrandom syscall is unknown, it will fail. PPC64LE or s390 are affected by lack of this definition. Original commit message. commit 4dcb150ea30f9bbfa7946e6b39c30a86aca5ed02 Author: Kurt Roeckx <kurt@roeckx.be> Date: Sat Sep 28 14:59:32 2019 +0200 Add defines for __NR_getrandom for all Linux architectures Fixes: openssl/openssl#10015 Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> GH: openssl/openssl#10044 Fixes: #31671 PR-URL: #32002 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
OpenSSL 1.1.1d does not ship with getrandom syscall being predefined on all architectures. So when NodeJS is run with glibc prior to 2.25, where getentropy is unavailable, and the getrandom syscall is unknown, it will fail. PPC64LE or s390 are affected by lack of this definition. Original commit message. commit 4dcb150ea30f9bbfa7946e6b39c30a86aca5ed02 Author: Kurt Roeckx <kurt@roeckx.be> Date: Sat Sep 28 14:59:32 2019 +0200 Add defines for __NR_getrandom for all Linux architectures Fixes: openssl/openssl#10015 Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> GH: openssl/openssl#10044 Fixes: #31671 PR-URL: #32002 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
OpenSSL 1.1.1d does not ship with getrandom syscall being predefined on all architectures. So when NodeJS is run with glibc prior to 2.25, where getentropy is unavailable, and the getrandom syscall is unknown, it will fail. PPC64LE or s390 are affected by lack of this definition. Original commit message. commit 4dcb150ea30f9bbfa7946e6b39c30a86aca5ed02 Author: Kurt Roeckx <kurt@roeckx.be> Date: Sat Sep 28 14:59:32 2019 +0200 Add defines for __NR_getrandom for all Linux architectures Fixes: openssl/openssl#10015 Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> GH: openssl/openssl#10044 Fixes: #31671 PR-URL: #32002 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Linux frdgosdpdbs1 4.12.14-95.19-default deps: update openssl to 1.0.1j #1 SMP Tue Jun 11 11:04:48 UTC 2019 (a904a7f) ppc64le ppc64le ppc64le GNU/Linux
I have observed an issue with Node.js versions using OpenSSL 1.1.1d on a ppc64le machine where the entropy cannot be initialized when calling randomBytes:
This behavior is observed directly after the Node.js application was started and after randomBytes was called.
It seems to be the same issue as reported here: http://lists.openembedded.org/pipermail/openembedded-core/2019-September/287081.html
The text was updated successfully, but these errors were encountered: