Openssl never finishes generating uhttpd.key on Turris Omnia

I am trying to setup a TO with 19.07 from scratch, but when it boots up, uhttpd is not running and is waiting the the openssl step to complete. It stays in the state forever. A workaround seems to be to perform a first boot from 18.06 to get the key file generated and then upgrade to 19.07.

root@OpenWrt:~# ps -w | grep uhttp
 3265 root      1220 S    /bin/sh /etc/rc.common /etc/rc.d/S50uhttpd boot
 3372 root      3568 S    /usr/bin/openssl req -x509 -sha256 -outform der -nodes -days 730 -newkey rsa:2048 -keyout /etc/uhttpd.key
 4152 root      1064 S    grep uhttp

Turned out not to be a workaround after all: I cannot connect to LuCI even though it is running.

netstat -nap | grep uhttp
tcp        2      0    *               LISTEN      3222/uhttpd
tcp        2      0   *               LISTEN      3222/uhttpd
tcp        0      0 :::80                   :::*                    LISTEN      3222/uhttpd
tcp        0      0 :::443                  :::*                    LISTEN      3222/uhttpd

could be that the openssl key generation hangs during maiden boot since there is almost nothing running at that time in the system and thus having a hard time to gather entropy and to generate certificate.


@fantom-x, @anon45274024 has a good point:

Try the suggestions here:


I will try that, but even on 18.06 I get this, yet it did not prevent openssl from generating a new key.

sysctl kernel.random.entropy_avail
kernel.random.entropy_avail = 3

different versions of openssl 1.0.2s <> 1.1.1c, different prerequisites for key generation?

1 Like

Mvebu is especially difficult target on entropy perspective as the WiFi driver does not generate entropy to the kernel pool, like e.g. ath9k and similar drivers do.

I bought a chaoskey entropy key for my wrt3200acm and introduced the drivers for it to OpenWrt. That helps a lot.

You might try generating the key manually later, after the boot process has completed. Jill the uhttps keygen process and possibly uhttps, wait a few minutes, and restart uhttpd to generate the keys.

1 Like

It seemed to me that urngd was doing a pretty good job of generating early, and quickly, on a reboot.

Seems like it is only in master.

hmm, I assumed that it would have found its way into 19.x, I wonder if that is an oversight.

Took ~2h to get it this hight :slight_smile: I will try havengd shortly.

kernel.random.entropy_avail = 98

1 Like

haveged has solved the problem. Is there any downside of using it vs urngd that only exists in master?

Not to my knowledge.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.