I have built OpenSSL 0.9.7e on Solaris 10 (sparc). When the "openssl"
command is run it fails with an error which states that it was unable to
get sufficient entropy, even though Solaris has /dev/[u]random.

So I built OpenSSL on Solaris 9 and found that the "openssl" command
runs OK.

I then ran the "openssl" command under "truss" on both Solaris 9 and
10, and found that on Solaris 10 the open() of the randomfile in
rand_unix.c was failing with EINVAL. On Solaris 10, the open() call is
made with an additional O_NOFOLLOW option which is not present in
Solaris 9 (I don't think that Solaris 9 has this option defined).

In rand_unix.c there is an #ifdef which tests to see if O_NOFOLLOW is
defined and if it is then this option is added to the open() call.

On Solaris 9 and 10 /dev/urandom and /dev/random actually exist
legitimately as symbolic links like so:

  /dev/random -> ../devices/pseudo/[EMAIL PROTECTED]:random
  /dev/urandom -> ../devices/pseudo/[EMAIL PROTECTED]:urandom

So on Solaris 10, the open() fails because it has been told not to
follow these links. (On Solaris 9 it succeeds because there is no
O_NOFOLLOW option.)

I have worked around this by removing the O_NOFOLLOW option from
rand_unix.c but it needs to be fixed either by allowing /dev/[u]random
to be a symbolic link, or by allowing this only on Solaris platforms.



                

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

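One way to implement the first fix suggested in the post (allow /dev/[u]random to be a symbolic link) while still checking what was opened. This is an added example, not code from OpenSSL's rand_unix.c; the function name open_random_device is hypothetical, and the fallback on ELOOP or EINVAL is an assumption based on the errno reported above.

```c
#if defined(__linux__) && !defined(_POSIX_C_SOURCE)
#define _POSIX_C_SOURCE 200809L  /* exposes O_NOFOLLOW on glibc in strict C modes */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open an entropy device whose /dev entry may be a
 * symlink. Returns a descriptor, or -1 with errno set. */
int open_random_device(const char *path)
{
    struct stat st;
    int fd = -1;
    int flags = O_RDONLY | O_NONBLOCK | O_NOCTTY;

#ifdef O_NOFOLLOW
    /* First attempt refuses a symlink as the final path component. */
    fd = open(path, flags | O_NOFOLLOW);
    /* ELOOP is the usual errno for "final component is a symlink";
     * EINVAL is what the post reports on Solaris 10. Anything else is
     * an unrelated failure and is returned as is. */
    if (fd < 0 && errno != ELOOP && errno != EINVAL)
        return -1;
#endif
    if (fd < 0)
        fd = open(path, flags);          /* follow the link this time */
    if (fd < 0)
        return -1;
    /* Judge the object actually opened, not the name: it must be a
     * character device. (Comparing st_rdev with the platform's known
     * device numbers would be stricter but is not portable.) */
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) {
        close(fd);
        errno = ENODEV;
        return -1;
    }
    return fd;
}

int main(void)
{
    int fd = open_random_device("/dev/urandom");
    if (fd < 0) { perror("/dev/urandom"); return EXIT_FAILURE; }
    close(fd);
    puts("/dev/urandom opened and verified as a character device");
    return EXIT_SUCCESS;
}
```

The fstat() on the open descriptor is what replaces the protection O_NOFOLLOW gave: a link that resolves to a regular file or FIFO is rejected after the open rather than before it.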