Howdy.  I just installed openssl 0.9.6 on my Solaris 2.5 system and I'm
trying to use it to create a Certificate Signing Request, but it fails to
read entropy from egd's socket in a very bizarre way.

I believe egd (0.8) is set up properly, because gnupg (1.0.4) appears to
successfully use its socket -- `egc.pl /usr/local/etc/egd/entropy get'
verifies that the entropy pool goes down during a `gnupg --gen-random' run,
for instance.

However, when I try to run:

    openssl genrsa -rand /usr/local/etc/egd/entropy -des3 1024 -out server.key

it just hangs.  What's really strange is that even though my shell (tcsh)
behaves like the process is hanging, if you go to another window and do a
`ps -ef | fgrep openssl', the process no longer exists!!

In the shell you can even CTRL-Z the supposed openssl process and then say
"jobs -l" and it will show what used to be the openssl's PID (if you caught
that via an early `ps -ef' run), but which no longer exists (i.e. the
process didn't stay around but just change names or something).
Nevertheless, you can `forw' it again and tcsh will behave like it's still
around.

If you run openssl under truss, these are the last few entries:

    getpid()                                        = 17332 [17331]
    open("/dev/urandom", O_RDONLY)                  Err#2 ENOENT
    getuid()                                        = 0 [0]
    time()                                          = 972466512
    close(3)                                        = 0
    stat("/usr/local/etc/egd/entropy", 0xEFFFED98)  = 0
    open("/usr/local/etc/egd/entropy", O_RDONLY) (sleeping...)

It will just hang on that last entry, and again, if you go looking for the
openssl process with ps, it's no longer there.  Somehow even truss doesn't
notice the process disappear.

This behavior is so strange I guess I might be butting up against a Solaris
bug?  I haven't applied the recommended patch cluster in a while...

--
Dan Harkless
SpeedGate Communications, Inc.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
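
The truss trace in the post shows stat() succeeding on the EGD path and the following open(..., O_RDONLY) sleeping. The C program below is an added example, not code from OpenSSL or from the original post. It checks what kind of file a seed path is before opening it, so that a FIFO (where a read-only open() blocks until a writer appears) or a socket (which is reached with connect(), not open()) is rejected instead of hanging the caller. The function and enum names are hypothetical.

```c
#define _XOPEN_SOURCE 700   /* for S_ISSOCK and O_NONBLOCK */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

enum seed_kind { SEED_MISSING, SEED_FILE, SEED_CHARDEV, SEED_FIFO,
                 SEED_SOCKET, SEED_OTHER };   /* hypothetical names */

static enum seed_kind kind_of(mode_t m)
{
    if (S_ISREG(m))  return SEED_FILE;
    if (S_ISCHR(m))  return SEED_CHARDEV;
    if (S_ISFIFO(m)) return SEED_FIFO;
    if (S_ISSOCK(m)) return SEED_SOCKET;
    return SEED_OTHER;
}

enum seed_kind classify_seed_path(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? kind_of(st.st_mode) : SEED_MISSING;
}

/* Returns a readable fd, or -1 with errno set; never blocks in open(). */
int open_seed_file(const char *path)
{
    struct stat st;
    enum seed_kind k = classify_seed_path(path);
    if (k == SEED_MISSING) return -1;             /* errno set by stat() */
    if (k != SEED_FILE && k != SEED_CHARDEV) { errno = EINVAL; return -1; }
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0) return -1;
    /* Re-check the descriptor: the path may have changed since stat(). */
    if (fstat(fd, &st) != 0 || (kind_of(st.st_mode) != SEED_FILE &&
                                kind_of(st.st_mode) != SEED_CHARDEV)) {
        close(fd); errno = EINVAL; return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/dev/null";
    int fd = open_seed_file(path);
    printf("%s: kind=%d fd=%d\n", path, (int)classify_seed_path(path), fd);
    if (fd >= 0) close(fd);
    return fd < 0;
}
```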
