On Wed, Apr 05, 2000 at 10:29:59AM +0200, Hans Werner Strube wrote:
...
> When stunnel (3.8) was linked with openssl-0.9.5a, it always produced the
> following error on start (whereas it worked with openssl-0.9.3a):
> tmp_rsa_cb: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded
>
> Solaris has no /dev/urandom. When I faked a /dev/urandom as a symlink to some
> readable file, this worked. I could reproduce the error with the following
> test program, containing the same calls as stunnel:
...
> There should be some workaround for systems without /dev/urandom !

Actually it is the responsibility of stunnel to take care of the correct
PRNG seeding. Older versions of OpenSSL simply ignored this problem and
worked with weak pseudo random numbers. Please contact Michal Trojnara
and ask him to incorporate appropriate PRNG seeding.

And: please understand that the automatic call of /dev/urandom is just
an "emergency" seeding that is automatically tried if no proper seeding
was done. It only works on some platforms (Linux and *BSD derivatives)
and is not portable. It is the responsibility of applications and users
to make a responsible choice on the seeding. I use EGD on HP-UX; please
make sure to only use the latest version 0.7; it was just discovered that
older versions had a bug so that the available entropy was not used as
intended.

Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
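
An added example, not part of the original message and not stunnel or OpenSSL code: one way an application can collect its own seed on a host that may lack /dev/urandom, refusing to start rather than running unseeded. The candidate list, the 32-byte seed size and the function names are assumptions of this sketch; a regular file standing in for the device is rejected because it supplies no entropy.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Read `want` bytes from `path`, accepting only a character device: a regular
 * file (or symlink to one) is fixed data that would merely hide the error. */
static int seed_from_device(const char *path, unsigned char *buf, size_t want)
{
    struct stat st;
    size_t got = 0;
    int fd = open(path, O_RDONLY | O_NOCTTY);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) == 0 && S_ISCHR(st.st_mode)) {
        while (got < want) {
            ssize_t n = read(fd, buf + got, want - got);
            if (n > 0)
                got += (size_t)n;
            else if (n == 0 || errno != EINTR)
                break; /* EOF or hard error: nothing usable from this source */
        }
    }
    close(fd);
    return got == want ? 0 : -1;
}

/* Try each candidate in order. Returns the index of the source that filled
 * `buf`, or -1 so the caller can refuse to start instead of running unseeded. */
static int gather_seed(const char *const *paths, size_t n,
                       unsigned char *buf, size_t want)
{
    for (size_t i = 0; i < n; i++)
        if (seed_from_device(paths[i], buf, want) == 0)
            return (int)i;
    return -1;
}

int main(void)
{
    const char *const sources[] = { "/dev/urandom", "/dev/random" };
    unsigned char seed[32]; /* assumed seed size for this example */
    int used = gather_seed(sources, 2, seed, sizeof seed);
    /* Fail closed; an OpenSSL caller would pass seed to RAND_seed() here. */
    fputs(used < 0 ? "no entropy source, refusing to start\n" : "seeded\n", stderr);
    return used < 0;
}
```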