Re: random state, openssl.cnf and RAND_edg("/var/run/egd-pool")

Fri, 02 Feb 2001 03:10:19 -0800 

On Fri, Feb 02, 2001 at 11:01:33AM -0000, John Boocock wrote:
> I have actually have a similar problem also under UnixWare 7.1.1 nsc using
> 
> egd 0.8
> openssl 0.9.6
> 
> Creating self signed test certificates seems to work however if I run the
> following nothing appears to happen:
> 
> /usr/local/ssl/bin/openssl genrsa -des3 -rand /etc/entropy 1024 > test.key
> 
> if -rand is specified as a normal file however this works fine
> 
> Something's obviously worked at some point though as there is a file called
> ~/.rand that contains a load of very random looking info and the file size
> is 1024.
> 
> EGD appears to be working, is this maybe a porting problem with UnixWare
> 7.1.1, SCO said that they can help us out on the issue however I'm not too
> familiar myself with all this OpenSSL / cryptography stuff and don't want to
> waste their time solving something that turns out to be an oversight on my
> part....

Hmm, that's something to think about. I have received some reports with
respect to prngd (I am the author) and Unixware. It seems that sockets
on Unixware look like pipes (prwx...), maybe there are other strange things.
Openssl does not provide diagnostic about success when trying to connect
to an EGD-device, since failure is ok in case of normal file.
Therefore, we have to take other measures now: either instrument the
OpenSSL source (crypto/rand/rand_egd.c) with diagnostic routines or
use a "trace" (strace, tusc or whatever it is called on your system)
to diagnose the result of the "connect()" system call when trying to
talk to the EGD-device.
I don't have Unixware around, so I cannot do this myself. If you can
try this yourself, please report the result.

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to