Hi,
Red Hat 7.0, Red Hat kernel 2.2.14-5.0
openssl-0.9.6 -- same behavior observed with openssl-0.9.5a
I execute the command:

    openssl genrsa -des3 -out ca.key 1024

and get the warning message:

    warning, not much extra random data, consider using the -rand option

which I don't think I should get. Other than issuing the (in my opinion)
spurious warning, the program behaved fine as far as I know.
My system has /dev/random and /dev/urandom, which are almost always
"full" of randomness (4096 bits). I watched execution with gdb and know
that function RAND_poll (called via RAND_status) obtained the requested
amount of entropy from /dev/urandom and mixed it into the pool.
The message is being issued because function app_RAND_load_file in file
apps/app_rand.c is returning 0. It looks to me like app_RAND_load_file
is supposed to return 1 if sufficient randomness has been acquired,
or 0 if not. It does return 1 if it gets "randomness" from a randfile,
but returns 0 if it gets it from /dev/urandom.
I believe that app_RAND_load_file should be made to return 1 if
RAND_status returns non-zero.
If the intent of issuing the message is to encourage people to
use a randfile even if they do have /dev/urandom, then I think the
message ought to be more explanatory or that the man page should
discuss the issue.
Thanks.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
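
The return-value logic described in the message above, as a small C model added here; it is not OpenSSL source and not code from the post. The names seed_env, model_rand_status, load_file_reported, load_file_proposed and warns are hypothetical stand-ins, and the model assumes a loaded randfile always supplies enough data.

```c
#include <stdio.h>

/* Model only: hypothetical names, not OpenSSL source. */
struct seed_env {
    int urandom_seeded;  /* pool already filled from /dev/urandom */
    int randfile_loaded; /* a randfile was read (assumed sufficient) */
};

/* Stand-in for RAND_status(): non-zero when the pool is seeded. */
static int model_rand_status(const struct seed_env *e)
{
    return e->urandom_seeded || e->randfile_loaded;
}

/* Behaviour as reported: only a randfile yields 1. */
static int load_file_reported(const struct seed_env *e)
{
    return e->randfile_loaded ? 1 : 0;
}

/* Behaviour as proposed: also return 1 when the status is non-zero. */
static int load_file_proposed(const struct seed_env *e)
{
    return (e->randfile_loaded || model_rand_status(e)) ? 1 : 0;
}

/* The caller prints the warning whenever the loader returns 0. */
static int warns(int (*loader)(const struct seed_env *),
                 const struct seed_env *e)
{
    return loader(e) == 0;
}

int main(void)
{
    /* Constructed cases: every combination of the two sources. */
    const struct seed_env cases[4] = { {0, 0}, {0, 1}, {1, 0}, {1, 1} };
    puts("urandom randfile | warn(reported) warn(proposed)");
    for (int i = 0; i < 4; i++)
        printf("%7d %8d | %14d %14d\n",
               cases[i].urandom_seeded, cases[i].randfile_loaded,
               warns(load_file_reported, &cases[i]),
               warns(load_file_proposed, &cases[i]));
    return 0;
}
```

Only the row with /dev/urandom seeded and no randfile differs between the two columns; the case with no entropy source at all still warns under both.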