Bug 1043815

Summary: No RAND_egd() available from openssl required by mailx
Product: [openSUSE] openSUSE Tumbleweed
Reporter: Dr. Werner Fink <werner>
Component: Security
Assignee: Security Team bot <security-team>
Status: RESOLVED WONTFIX
QA Contact: E-mail List <qa-bugs>
Severity: Major
Priority: P5 - None
CC: meissner, tchvatal, vcizek
Version: Current
Target Milestone: ---
Hardware: All
OS: Other
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Bug Depends on:
Bug Blocks: 1042629

Description Dr. Werner Fink 2017-06-12 10:26:59 UTC
mailx depends on RAND_egd()

+++ This bug was initially created as a clone of Bug #1042663 +++

The package fails to build with openssl-1.1. For more information
see the blocker bug.

Currently tested in Staging:I
https://rudin.suse.de:8894/package/live_build_log/openSUSE:Factory:Staging:I/mailx/standard/x86_64
Comment 1 Tomáš Chvátal 2017-06-12 10:53:42 UTC
Just for sake of completion:

All these functions on 1.0 and older were patched to always return -1 on SUSE.
Comment 2 Marcus Meissner 2017-06-12 14:58:02 UTC
I would suggest not to call this function, but use the generic RAND_ functions.
Comment 3 Dr. Werner Fink 2017-06-12 15:17:55 UTC
(In reply to Marcus Meissner from comment #2)
> I would suggest not to call this function, but use the generic RAND_
> functions.

Hmmm ... the code is there and the variable ssl-rand-egd is well known
to many mailx users


       ssl-rand-egd
              Gives the pathname to an entropy daemon socket, see
              RAND_egd(3).

       ssl-rand-file
              Gives the pathname to a file with entropy data, see
              RAND_load_file(3).  If the file is a regular file
              writable by  the  invoking user, new data is written to
              it after it has been loaded.  Only applicable if SSL/TLS
              support is built using OpenSSL.

In the meantime I'm using this

        if ((cp = value("ssl-rand-egd")) != NULL) {
                cp = expand(cp);
                /* RAND_egd() only exists when OpenSSL was built with EGD
                 * support; on 1.1.0 (OPENSSL_NO_EGD) fall straight into
                 * the error branch instead of failing to compile. */
#ifndef OPENSSL_NO_EGD
                if (RAND_egd(cp) == -1)
#else
                if (1)
#endif
                {
                        fprintf(stderr, catgets(catd, CATSET, 245,
                                "entropy daemon at \"%s\" not available\n"),
                                        cp);
                } else
                        state = 1;      /* PRNG was seeded from the daemon */
        }

... is there any replacement for RAND_egd(3)?
Comment 4 Vítězslav Čížek 2017-06-13 09:02:20 UTC
(In reply to Dr. Werner Fink from comment #3)
> ... is there any replacement for RAND_egd(3)?
Support for the entropy gathering daemon is now disabled at build time.
Loading entropy from external sources is possible with RAND_load_file, which mailx utilizes with the ssl-rand-file option.
Besides that, OpenSSL relies on the kernel (getrandom(2), /dev/urandom) as the source of randomness.
mailx could mention in the manpage that the ssl-rand-egd option will be ignored.
Comment 5 Vítězslav Čížek 2017-08-19 10:52:46 UTC
Upstream turned off EGD support in 1.1.0 and moreover, the functionality was patched out on openSUSE for a while. We'll keep it disabled.