libressl/portable

LibreSSL 3.7.x doesn't have RAND_OpenSSL()

orbea opened this issue · 2 comments

orbea commented

When building tpm2-tss it fails since OpenSSL_rand() is not implemented.

https://github.com/tpm2-software/tpm2-tss/blob/3d3c9a81db1354fe75dd27f5a87551c101034b0d/src/tss2-esys/esys_crypto_ossl.c#L561

This can be easily worked around.

```c
#ifdef LIBRESSL_VERSION_NUMBER
    RAND_set_rand_method(RAND_SSLeay());
#else
    RAND_set_rand_method(RAND_OpenSSL());
#endif
```

But reading LibreSSL's documentation, it shows that RAND_set_rand_method() and RAND_SSLeay() don't really do anything. Perhaps the same should be for RAND_OpenSSL()?

I made a WIP upstream PR here: tpm2-software/tpm2-tss#2380

RAND_set_rand_method() and RAND_OpenSSL() are deprecated in OpenSSL 3.0 onwards:

https://www.openssl.org/docs/man3.0/man3/RAND_set_rand_method.html

For upstream patches, I would recommend using:

```c
#ifndef LIBRESSL_VERSION_NUMBER
RAND_set_rand_method(RAND_OpenSSL());
#endif
```

Or potentially removing/replacing the code in question.

orbea commented

> RAND_set_rand_method() and RAND_OpenSSL() are deprecated in OpenSSL 3.0 onwards:

Thanks for pointing that out, I missed that detail. It doesn't seem to make sense to start adding deprecated functions so I will close this.