OpenSSL self-test report: OpenSSL version: 0.9.5a Last change: Make sure _lrotl and _lrotr are only used with MSVC.... Options: --prefix=/usr/openssl --openssldir=/usr/openssl solaris-sparcv9-gcc:gcc -g OS (uname): SunOS Spock 5.7 Generic_106541-07 sun4u sparc SUNW,Ultra-1 OS (config): sun4u-sun-solaris2 Target (default): ?? Target: solaris-sparcv9-gcc Compiler: gcc version 2.95.2 19991024 (release) Test passed. ----- Hi, Before anyone says it's in the FAQ, I've checked this out long and hard and I'm pretty sure this is a bug. I was getting the message about "PRNG not seeded" when using "stunnel-3.8", so I installed EGD and started it up generating entropy into /etc/entropy. I updated the openssl.cnf file to define RANDFILE (it two places) as /etc/entropy and stunnel still didn't work. Doing a truss of stunnel showed it trying to access /dev/urandom and getting an ENOENT and then stopping just after. After lots of checking with xxgdb, in desparation, I changed all the hard-coded /dev/urandom to /etc/entropy in the openssl source and recompiled/reinstalled openssl and stunnel. I then trussed stunnel again. This time it tried to open /etc/entropy and got EOPNOTSUPP. This means it was trying to open this as a plain file rather than a socket. After much studying using xxgdb and experimentation, I decided to try creating a plain text file called /dev/urandom which contains any old junk. After doing this, the truss shows ssl looking at /dev/urandom and then continues, but still doesn't look at /etc/entropy, and indeed I can remove the file and stunnel still works. However, this means that there is no randomness. So there would appear to be an assumption in the code that all machines will have a /dev/urandom which is not a socket, and if it can't find it, it doesn't appear to proceed to look wherever RANDFILE is defined, nor to call RAND_egd. The command-line SSL programs do honour the RANDFILE settings, but libcrypto.a doesn't appear to. From what I can see in the source, apps/app_rand.c is correctly coded to try RAND_egd, but nothing in the crypto/ directory calls RAND_egd. I don't know where this should be coded, or I would try to do it myself. I hope this helps. -- Best Regards, Brian S. Craigie Unix Sysadmin NEC Semiconductors (UK) Ltd ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
