Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Configure: Improve warning if no random seed source was configured #7509

Closed
wants to merge 1 commit into from
Closed

Configure: Improve warning if no random seed source was configured #7509

wants to merge 1 commit into from

Conversation

mspncp
Copy link
Contributor

@mspncp mspncp commented Oct 28, 2018
edited

The new Configure summary box (41349b5) hides the warning about the missing seed source (2805ee1) too much. To make it more visible again, place it into a box of the same width.

Before

/usr/bin/perl ./Configure debug-linux-x86_64 shared enable-crypto-mdebug --strict-warnings --prefix=/opt/openssl-dev --with-rand-seed=none
Configuring OpenSSL version 1.1.2-dev (0x10102000L) for debug-linux-x86_64
You have selected the --with-rand-seed=none option, which effectively disables
automatic reseeding of the OpenSSL random generator. All operations depending
on the random generator such as creating keys will not work unless the random
generator is seeded manually by the application.

Please read the 'Note on random number generation' section in the INSTALL
instructions and the RAND_DRBG(7) manual page for more details.
Creating configdata.pm
Creating Makefile

**********************************************************************
***                                                                ***
***   OpenSSL has been successfully configured                     ***
***                                                                ***
***   If you encounter a problem while building, please open an    ***
***   issue on GitHub <https://github.com/openssl/openssl/issues>  ***
***   and include the output from the following command:           ***
***                                                                ***
***       perl configdata.pm --dump                                ***
***                                                                ***
***   (If you are new to OpenSSL, you might want to consult the    ***
***   'Troubleshooting' section in the INSTALL file first)         ***
***                                                                ***
**********************************************************************

After

/usr/bin/perl ./Configure debug-linux-x86_64 shared enable-crypto-mdebug --strict-warnings --prefix=/opt/openssl-dev --with-rand-seed=none
Configuring OpenSSL version 1.1.2-dev (0x10102000L) for debug-linux-x86_64

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!                                                                !!!
!!! OpenSSL has been configured without random seed source         !!!
!!!                                                                !!!
!!! The configuration includes the --with-rand-seed=none option,   !!!
!!! which effectively disables automatic reseeding of the OpenSSL  !!!
!!! random generator. All operations depending on the random       !!!
!!! generator such as creating keys will not work unless the       !!!
!!! random generator is seeded manually by the application.        !!!
!!!                                                                !!!
!!! Please read the 'Note on random number generation' section in  !!!
!!! the INSTALL instructions and the RAND_DRBG(7) manual page.     !!!
!!!                                                                !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Creating configdata.pm
Creating Makefile

**********************************************************************
***                                                                ***
***   OpenSSL has been successfully configured                     ***
***                                                                ***
***   If you encounter a problem while building, please open an    ***
***   issue on GitHub <https://github.com/openssl/openssl/issues>  ***
***   and include the output from the following command:           ***
***                                                                ***
***       perl configdata.pm --dump                                ***
***                                                                ***
***   (If you are new to OpenSSL, you might want to consult the    ***
***   'Troubleshooting' section in the INSTALL file first)         ***
***                                                                ***
**********************************************************************

@mspncp mspncp added branch: master Merge to master branch branch: 1.1.1 Merge to OpenSSL_1_1_1-stable branch labels Oct 28, 2018
@mspncp mspncp added this to the 1.1.1a milestone Oct 28, 2018
@mspncp mspncp force-pushed the pr-configure-improve-rand-seed-warning branch from 4913202 to 3ee294f Compare October 28, 2018 11:57
@levitte
Copy link
Member

levitte commented Oct 28, 2018

The output you show us feels overly much. That many bangs screams "WE HAVE A SERIOUS ERROR" to me.

I agree, however, with the need to emphasize, so if I may suggest a middle ground:

/usr/bin/perl ./Configure debug-linux-x86_64 shared enable-crypto-mdebug --strict-warnings --prefix=/opt/openssl-dev --with-rand-seed=none
Configuring OpenSSL version 1.1.2-dev (0x10102000L) for debug-linux-x86_64

========== WARNING ===================================================
You have selected the --with-rand-seed=none option, which effectively disables
automatic reseeding of the OpenSSL random generator. All operations depending
on the random generator such as creating keys will not work unless the random
generator is seeded manually by the application.

Please read the 'Note on random number generation' section in the INSTALL
instructions and the RAND_DRBG(7) manual page for more details.
========== WARNING ===================================================

Creating configdata.pm
Creating Makefile

**********************************************************************
***                                                                ***
***   OpenSSL has been successfully configured                     ***
***                                                                ***
***   If you encounter a problem while building, please open an    ***
***   issue on GitHub <https://github.com/openssl/openssl/issues>  ***
***   and include the output from the following command:           ***
***                                                                ***
***       perl configdata.pm --dump                                ***
***                                                                ***
***   (If you are new to OpenSSL, you might want to consult the    ***
***   'Troubleshooting' section in the INSTALL file first)         ***
***                                                                ***
**********************************************************************```

@mspncp
Copy link
Contributor Author

mspncp commented Oct 28, 2018

The output you show us feels overly much. That many bangs screams "WE HAVE A SERIOUS ERROR" to me.

You are right, it was too screaming (the motivation of the !!! was to distinguish the warning from the summary). Does it look better now?

@mspncp
Copy link
Contributor Author

mspncp commented Oct 28, 2018

Arrgh! I got my branches mixed up! The changes in randfile.c don't belong here :-/ Hang on, I'll take a deep breath and fix it...

@mspncp
Configure: Improve warning if no random seed source was configured
2a12952 
The new Configure summary box (41349b5) now hides the warning
about the missing seed source (2805ee1) too much. To make it
more visible again, place it into a box of the same width.
@mspncp mspncp force-pushed the pr-configure-improve-rand-seed-warning branch from 2f02ea9 to 2a12952 Compare October 28, 2018 13:35
@mspncp
Copy link
Contributor Author

mspncp commented Oct 28, 2018

Ok, fixed. Now I have to look whether the cuckoo fixup is missing in someone else's nest...

@mspncp
Copy link
Contributor Author

mspncp commented Oct 28, 2018

Thanks for approving, Richard. I noticed that the commit message is now incorrect, so I will change it as follows when merging:

   Configure: Improve warning if no random seed source was configured
    
    The new Configure summary box (41349b5e6db) now hides the warning
    about the missing seed source (2805ee1e095) too much. To make it
-   more visible again, place it into a box of the same width.
+   more visible again, add warning markers.

levitte pushed a commit that referenced this pull request Oct 28, 2018
@mspncp
Configure: Improve warning if no random seed source was configured
a14174a 
The new Configure summary box (41349b5) now hides the warning
about the missing seed source (2805ee1) too much. To make it
more visible again, add warning markers.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from #7509)

(cherry picked from commit caa8595)
levitte pushed a commit that referenced this pull request Oct 28, 2018
@mspncp
Configure: Improve warning if no random seed source was configured
caa8595 
The new Configure summary box (41349b5) now hides the warning
about the missing seed source (2805ee1) too much. To make it
more visible again, add warning markers.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from #7509)
@mspncp
Copy link
Contributor Author

mspncp commented Oct 28, 2018

Merged to master and 1.1.1, thanks!

@mspncp mspncp closed this Oct 28, 2018
@mspncp mspncp deleted the pr-configure-improve-rand-seed-warning branch October 28, 2018 13:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@levitte levitte levitte approved these changes

Assignees
No one assigned
Labels
branch: master Merge to master branch branch: 1.1.1 Merge to OpenSSL_1_1_1-stable branch
Projects
None yet
Milestone
1.1.1a
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@mspncp @levitte