On Fri, Feb 02, 2001 at 02:53:33AM -0700, Boyd Lynn Gerber wrote:
> Sorry, but I guess I am missing something.
>
> I have in my openssl.cnf file
> RANDFILE = RAND_egd("/var/run/egd-pool")
>
> # egc.pl /var/run/egd-pool get
> 32800 bits of entropy in pool
>
> Using configuration from /usr/local/ssl/openssl.cnf
> unable to load 'random state'
> This means that the random number generator has not been seeded
> with much random data.
You are misunderstanding the use of the parameters.
RANDFILE defines a file from which entropy is read and into which
data retrieved from the PRNG is written back.
  1. program starts
  2. program reads file specified by RANDFILE
  3. program performs action
  4. program writes back to file specified by RANDFILE
This is important to understand, because if you point RANDFILE to a file
containing "random" information the file might be overwritten later.
Consider RANDFILE being set to /etc/passwd or /lib/libc.so...
Therefore it makes sense to have it as $HOME/.rnd...
Anyway, in order to read additional entropy from an EGD-device, you must
explicitly state it on the command line:
openssl genrsa -rand /var/run/egd-pool [other options]...
"openssl" will automatically try to access /var/run/egd-pool, then, if this
is not possible, it will try to _read_ it as a normal file (it will never
write back anything).
OpenSSL starting with 0.9.7 will automatically try to access an EGD-device
at /var/run/egd-pool (and /etc/entropy, but the /var hierarchy is recommended).
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
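The behaviour Lutz describes for `-rand /var/run/egd-pool` (talk to the path as an EGD socket, and if that is not possible read it as an ordinary file, never writing back) can be seen end to end in the following Python script. It is an added example, not code from the message or from OpenSSL: it runs a throwaway EGD-protocol server on a temporary Unix socket (standing in for /var/run/egd-pool, fed from os.urandom as a constructed entropy source that reports 32800 bits, the figure from egc.pl above), a client for the two EGD commands OpenSSL needs (0x00 "entropy count" and 0x02 "blocking read of n bytes", each answered on a fresh connection), and a `seed_from()` helper that mimics the -rand fallback. The 300-byte seed file is constructed for the demo.

```python
import os
import socket
import tempfile
import threading

# Constructed value standing in for a real pool: the server reports this many
# bits, matching the "32800 bits of entropy in pool" output of egc.pl above.
POOL_BITS = 32800


class MiniEGD(threading.Thread):
    """Throwaway EGD-protocol server: one command per connection, commands
    0x00 (entropy count, 4 bytes MSB first) and 0x02 (blocking read, n bytes)."""

    def __init__(self, path):
        super().__init__(daemon=True)
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.bind(path)
        self.sock.listen(4)

    def run(self):
        while True:
            try:
                conn, _ = self.sock.accept()
            except OSError:
                return
            with conn:
                cmd = conn.recv(1)
                if cmd == b"\x00":
                    conn.sendall(POOL_BITS.to_bytes(4, "big"))
                elif cmd == b"\x02":
                    n = conn.recv(1)
                    if n:
                        conn.sendall(os.urandom(n[0]))  # constructed entropy source


def _recv_exact(s, n):
    buf = bytearray()
    while len(buf) < n:
        chunk = s.recv(n - len(buf))
        if not chunk:
            raise OSError("EGD socket closed before %d bytes arrived" % n)
        buf += chunk
    return bytes(buf)


def _egd_connect(path):
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.settimeout(5)
    s.connect(path)  # raises OSError if path is not a listening socket
    return s


def egd_entropy_bits(path):
    """What `egc.pl PATH get` reports: command 0x00, answer is a 4-byte count."""
    with _egd_connect(path) as s:
        s.sendall(b"\x00")
        return int.from_bytes(_recv_exact(s, 4), "big")


def egd_read(path, nbytes):
    """Command 0x02: one request carries a single length byte, so at most 255
    bytes per connection; larger reads are split across connections."""
    out = bytearray()
    while len(out) < nbytes:
        chunk = min(255, nbytes - len(out))
        with _egd_connect(path) as s:
            s.sendall(bytes([0x02, chunk]))
            out += _recv_exact(s, chunk)
    return bytes(out)


def seed_from(path, nbytes):
    """Mimic `openssl ... -rand PATH`: try PATH as an EGD socket first; if that
    fails, read it as a plain file. Nothing is ever written back to PATH."""
    try:
        return "egd", egd_read(path, nbytes)
    except OSError:
        with open(path, "rb") as f:
            return "file", f.read(nbytes)


def demo():
    d = tempfile.mkdtemp()
    sock_path = os.path.join(d, "egd-pool")   # stands in for /var/run/egd-pool
    MiniEGD(sock_path).start()
    file_path = os.path.join(d, "seed.bin")   # an ordinary file, no socket
    with open(file_path, "wb") as f:
        f.write(b"\x01" * 300)                # constructed seed material
    return {
        "bits": egd_entropy_bits(sock_path),
        "egd": seed_from(sock_path, 300),
        "file": seed_from(file_path, 300),
    }


if __name__ == "__main__":
    r = demo()
    print("%d bits of entropy in pool" % r["bits"])
    print("socket path ->", r["egd"][0], len(r["egd"][1]), "bytes")
    print("plain file  ->", r["file"][0], len(r["file"][1]), "bytes")
```

Note the asymmetry the message warns about: `seed_from()` only ever reads its argument, which is why a `-rand` path can safely be any file, whereas RANDFILE is both read at start and overwritten at exit and must therefore be a file you are prepared to lose, such as $HOME/.rnd.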