RE: Seeding the OpenSSL PRNG (continued ...)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Leunissen
Sent: Thursday, September 28, 2006 10:25 AM
To: openssl-users@openssl.org
Subject: Re: Seeding the OpenSSL PRNG (continued ...)

Apparently, there are some situations where there is no entropy source to seed the OpenSSL PRNG. Is there a uniform way to detect that the OpenSSL PRNG has not been seeded? Uniform is uniform over the various platforms because I want to prevent that I need to check on a per platform basis whether an entropy source is lacking.

I believe the function you want is RAND_status().

--
Adam Mlodzinski
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
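The RAND_status() check suggested in the reply above, as an added example that is not part of the original messages. It uses Python's ssl module, whose RAND_status() and RAND_add() call the OpenSSL functions of the same names, and it refuses to continue when the PRNG stays unseeded. The names ensure_seeded and PRNGNotSeeded and the 32-byte seed size are assumptions of this example.

```python
import os
import ssl

# Plain device paths named in the messages on this page. The EGD sockets are
# left out: they speak the EGD protocol and cannot simply be read.
CANDIDATE_DEVICES = ("/dev/urandom", "/dev/random")
SEED_BYTES = 32  # assumption of this example: 256 bits of seed material


class PRNGNotSeeded(RuntimeError):
    """Raised so that key generation never runs on an unseeded PRNG."""


def ensure_seeded(status=ssl.RAND_status, add=ssl.RAND_add,
                  devices=CANDIDATE_DEVICES):
    """Return how the PRNG became seeded, or raise PRNGNotSeeded.

    status and add default to the real OpenSSL bindings. They are
    parameters only so the unseeded path can be exercised with stand-ins.
    """
    if status():
        return "automatic"  # OpenSSL found an entropy source by itself
    nonblock = getattr(os, "O_NONBLOCK", 0)  # flag does not exist on Windows
    for path in devices:
        try:
            fd = os.open(path, os.O_RDONLY | nonblock)
        except OSError:
            continue  # device not present on this platform
        try:
            data = os.read(fd, SEED_BYTES)
        except OSError:
            data = b""  # e.g. a blocking device with nothing to give yet
        finally:
            os.close(fd)
        if len(data) == SEED_BYTES:
            add(data, float(len(data)))  # entropy estimate is in bytes
            if status():
                return path
    raise PRNGNotSeeded("no entropy source available; refusing to continue")
```

Call ensure_seeded() once at start-up, before any key or nonce is generated, and treat PRNGNotSeeded as a fatal configuration error to report to the user.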
RE: Seeding the OpenSSL PRNG
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Leunissen
Sent: Wednesday, September 27, 2006 4:53 PM
To: openssl-users@openssl.org
Subject: Re: Seeding the OpenSSL PRNG

Dr. Stephen Henson wrote:

OpenSSL makes use of some standard sources of entropy on various platforms to seed the PRNG automatically. On linux this includes the /dev/urandom device and on Windows various things including the CryptoAPI PRNG.

OK, that explains, thanks. The program is going to be distributed to clients who run a Windows variant (2000, XP) or a unix-like OS (*BSD, Solaris, Linux, ...). I reckon that /dev/urandom is present on most unices, so I can count on the automatic PRNG seeding.

Beware - some versions of HPUX do not come with a suitable random data device. If I recall correctly, HPUX 11.00 and 11.11 do not have one, but HPUX 11.22 does. Your end-users may need to install one of the random data devices available from HP (they freely provide /dev/random, /dev/urandom and their own version of openssl with a bundled random data device).

SunOS/Solaris 5.6 and 5.7 also lack a random data device.

--
Adam Mlodzinski
automatic seed size
Hi there,

I'm using OpenSSL 0.9.7g, and am trying to document the sources of entropy used automatically by the PRNG. O'Reilly's Network Security with OpenSSL lists the following sources (page 100 102), but I'm not sure if the egd sources are checked automatically:

/dev/random
/dev/urandom
/var/run/egd-pool
/dev/egd-pool
/etc/egd-pool
/etc/entropy

I'm also wondering how many bytes (by default) are read during the automatic seeding. After installing /dev/random on an HP-UX 11i box, the time to seed was nearly a minute (which is actually not a problem, I just need to document what's happening).

One more question. If I set RANDFILE to an egd device, will RAND_load_file(RAND_file_name(x,y),z) behave, and will it happily seed the PRNG?

Thanks to all replies,
Adam M.
SSLWRITE fails on HP-UX
Hi there,

I recently built the w3c libwww library with ssl support using openssl. I went through the pain of doing this on AIX, Linux, Solaris, HPUX and Windows. On all of the platforms, my builds are using the new libraries okay (so far - keeping my fingers crossed), except, that is, for HPUX.

On HPUX, my builds fail when a simple test case fails after loading the libraries. The test case itself doesn't actually do much - it's essentially a unit test that tests a few methods. It does not try to load a URL. Here is the output from the build system running my test case:

SHLIB_PATH=../../../dest/debug:../../../../support/HP-UX/libwww/lib:../../../../support/HP-UX/openssl/lib ../../build/native/debug/collector_test
/usr/lib/dld.sl: Call to mmap() failed - TEXT ../../../../support/HP-UX/openssl/lib/libssl.sl
/usr/lib/dld.sl: Permission denied
/bin/sh: 1064 Abort(coredump)

If I run the same test case in my own user account, it succeeds. The build system runs as another user.

If I run the openssl command on the HPUX build box, I get this:

OpenSSL s_client -connect verisign.com:443
warning, not much extra random data, consider using the -rand option
CONNECTED(0003)
write:errno=0

After scanning the archives, I discovered that this is not a good result. The previous post about this problem remains unsolved. I'm hoping for some better luck.

Any help would be greatly appreciated - my builds are broken until I get this fixed.

--
Adam Mlodzinski
RE: SSLWRITE fails on HP-UX
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lance Nehring

What does the chatr command show for your executable? Do the shared libraries have execute permissions?

Thanks for the quick reply - much obliged. If I chatr on openssl, I get the output below. Looks like I've linked it without the ssl libraries - that can't be good. Although, I used the quick build instructions from the openssl distro. Any idea what I'm missing?

[EMAIL PROTECTED] chatr openssl
openssl:
    shared executable
    shared library dynamic path search:
        SHLIB_PATH enabled first
        embedded path disabled second Not Defined
    shared library list:
        dynamic /usr/lib/libdld.2
        dynamic /usr/lib/libc.2
    shared library binding:
        deferred
    global hash table disabled
    plabel caching disabled
    global hash array size:1103
    global hash array nbuckets:3
    shared vtable support disabled
    static branch prediction disabled
    executable from stack: D (default)
    kernel assisted branch prediction enabled
    lazy swap allocation disabled
    text segment locking disabled
    data segment locking disabled
    third quadrant private data space disabled
    fourth quadrant private data space disabled
    third quadrant global data space disabled
    data page size: D (default)
    instruction page size: D (default)
    nulptr references disabled
    shared library private mapping disabled
    shared library text merging disabled
RE: SSLWRITE fails on HP-UX
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lance Nehring

What does the chatr command show for your executable? Do the shared libraries have execute permissions?

On a more useful note, here's the output of chatr from my build system. The openssl libs are listed, but how do I know if they're executable? Do you mean file permission, execute bit?

...
..
.

Well, what do you know - in my environment, the x bit was set. As soon as I removed it, I reproduced the build system error. Now that I know what's wrong, I know what needs to be changed. Thanks a bunch!

(the now-mostly-academic chatr output)

chatr ../../build/native/debug/collector_test
[execmake] ../../build/native/debug/collector_test:
[execmake] shared executable
[execmake] shared library dynamic path search:
[execmake] SHLIB_PATH enabled first
[execmake] embedded path disabled second Not Defined
[execmake] shared library list:
[execmake] dynamic ../../../../support/HP-UX/libwww/lib/libmd5.sl.1
[execmake] dynamic ../../../../support/HP-UX/libwww/lib/libpics.sl.0
[execmake] dynamic ../../../../support/HP-UX/libwww/lib/libwwwapp.sl.1
[execmake] dynamic ../../../../support/HP-UX/libwww/lib/libwwwcache.sl.1
[execmake] dynamic ../../../../support/HP-UX/libwww/lib/libwwwcore.sl.1
[execmake] dynamic ../../../../support/HP-UX/libwww/lib/libwwwdir.sl.1
[execmake] dynamic ../../../../support/HP-UX/libwww/lib/libwwwfile.sl.1
[execmake] dynamic ../../../../support/HP-UX/libwww/lib/libwwwftp.sl.1
[execmake] dynamic ../../../../support/HP-UX/libwww/lib/libwwwgopher.sl.1
[execmake] dynamic ../../../../support/HP-UX/libwww/lib/libwwwhtml.sl.1
[execmake] dynamic ../../../../support/HP-UX/libwww/lib/libwwwhttp.sl.1
[execmake] dynamic ../../../../support/HP-UX/libwww/lib/libwwwinit.sl.1
[execmake] dynamic ../../../../support/HP-UX/libwww/lib/libwwwmime.sl.1
[execmake] dynamic ../../../../support/HP-UX/libwww/lib/libwwwmux.sl.1
[execmake] dynamic ../../../../support/HP-UX/libwww/lib/libwwwnews.sl.1
[execmake] dynamic ../../../../support/HP-UX/libwww/lib/libwwwstream.sl.1
[execmake] dynamic ../../../../support/HP-UX/libwww/lib/libwwwtelnet.sl.1
[execmake] dynamic ../../../../support/HP-UX/libwww/lib/libwwwtrans.sl.1
[execmake] dynamic ../../../../support/HP-UX/libwww/lib/libwwwutils.sl.1
[execmake] dynamic ../../../../support/HP-UX/libwww/lib/libwwwxml.sl.1
[execmake] dynamic ../../../../support/HP-UX/libwww/lib/libxmlparse.sl.1
[execmake] dynamic ../../../../support/HP-UX/libwww/lib/libxmltok.sl.1
[execmake] dynamic ../../../../support/HP-UX/libwww/lib/libwwwssl.sl.1
[execmake] dynamic ../../../../support/HP-UX/openssl/lib/libcrypto.sl
[execmake] dynamic ../../../../support/HP-UX/openssl/lib/libssl.sl
[execmake] dynamic /usr/lib/libstd_v2.2
[execmake] dynamic /usr/lib/libCsup_v2.2
[execmake] dynamic /usr/lib/libm.2
[execmake] dynamic /usr/lib/libcl.2
[execmake] dynamic /usr/lib/libc.2
[execmake] static /usr/lib/libdld.2
[execmake] shared library binding:
[execmake] deferred
[execmake] global hash table disabled
[execmake] plabel caching disabled
[execmake] global hash array size:1103
[execmake] global hash array nbuckets:3
[execmake] shared vtable support disabled
[execmake] static branch prediction disabled
[execmake] executable from stack: D (default)
[execmake] kernel assisted branch prediction enabled
[execmake] lazy swap allocation disabled
[execmake] text segment locking disabled
[execmake] data segment locking disabled
[execmake] third quadrant private data space disabled
[execmake] fourth quadrant private data space disabled
[execmake] third quadrant global data space disabled
[execmake] data page size: D (default)
[execmake] instruction page size: D (default)
[execmake] nulptr references disabled
[execmake] shared library private mapping disabled
[execmake] shared library text merging disabled