I actually have a similar problem, also under UnixWare 7.1.1 nsc, using
egd 0.8
openssl 0.9.6
Creating self-signed test certificates seems to work; however, if I run the
following, nothing appears to happen:
/usr/local/ssl/bin/openssl genrsa -des3 -rand /etc/entropy 1024 > test.key
If -rand is specified as a normal file, however, this works fine.
Something's obviously worked at some point though as there is a file called
~/.rand that contains a load of very random looking info and the file size
is 1024.
EGD appears to be working. Is this maybe a porting problem with UnixWare
7.1.1? SCO said that they can help us out on the issue; however, I'm not too
familiar myself with all this OpenSSL / cryptography stuff and don't want to
waste their time solving something that turns out to be an oversight on my
part....
Cheers
John Boocock
-----Original Message-----
From: Lutz Jaenicke [mailto:[EMAIL PROTECTED]]
Sent: 02 February 2001 10:09
To: [EMAIL PROTECTED]
Subject: Re: random state, openssl.cnf and RAND_edg("/var/run/egd-pool")
On Fri, Feb 02, 2001 at 02:53:33AM -0700, Boyd Lynn Gerber wrote:
> Sorry, but I guess I am missing something.
>
> I have in my openssl.cnf file
> RANDFILE = RAND_egd("/var/run/egd-pool")
>
> # egc.pl /var/run/egd-pool get
> 32800 bits of entropy in pool
>
> Using configuration from /usr/local/ssl/openssl.cnf
> unable to load 'random state'
> This means that the random number generator has not been seeded
> with much random data.
You are misunderstanding the use of the parameters.
RANDFILE defines a file from which entropy is read and into which
data retrieved from the PRNG is written back.
program starts
program reads file specified by RANDFILE
program performs action
program writes back to file specified by RANDFILE
This is important to understand, because if you point RANDFILE to a file
containing "random" information the file might be overwritten later.
Consider RANDFILE being set to /etc/passwd or /lib/libc.so...
Therefore it makes sense to have it as $HOME/.rnd...
Anyway, in order to read additional entropy from an EGD-device, you must
explicitly state it on the command line:
openssl genrsa -rand /var/run/egd-pool [other options]...
"openssl" will automatically try to access /var/run/egd-pool, then, if this
is not possible, it will try to _read_ it as a normal file (it will never
write back anything).
OpenSSL starting with 0.9.7 will automatically try to access an EGD-device
at /var/run/egd-pool (and /etc/entropy, but the /var hierarchy is
recommended).
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
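The lookup order Lutz describes for -rand (try the path as an EGD socket, else read it as an ordinary file, never write back) as an added Python illustration. This is not code from either message or from OpenSSL; the EGD daemon is a constructed stand-in that speaks the EGD wire protocol (command byte 0x02 followed by a byte count for a blocking read), and all paths and data are constructed.

```python
import os, socket, tempfile, threading

def fake_egd_serve_once(sock_path, pool, ready):
    """Constructed EGD stand-in (not the real egd): answers one blocking read."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(sock_path)
    srv.listen(1)
    ready.set()
    conn, _ = srv.accept()
    if conn.recv(1) == b"\x02":            # EGD command 0x02: blocking read
        n = conn.recv(1)[0]                # next byte: number of bytes wanted
        conn.sendall(pool[:n])
    conn.close()
    srv.close()

def seed_from_rand_path(path, nbytes=32):
    """Mirror 'openssl ... -rand PATH': try PATH as an EGD socket first, else read
    it as a plain file. Nothing is written back (only RANDFILE is written back)."""
    try:
        s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        s.connect(path)
        s.sendall(bytes([0x02, nbytes]))   # ask the daemon for nbytes, blocking
        data = s.makefile("rb").read(nbytes)  # daemon answers with exactly nbytes
        s.close()
        return "egd", data
    except OSError:                        # no socket/daemon there: ordinary file
        with open(path, "rb") as f:
            return "file", f.read(nbytes)

def demo():
    """Exercise both branches offline with a constructed pool and seed file."""
    pool = bytes(range(64))                # constructed bytes, not real entropy
    with tempfile.TemporaryDirectory() as d:
        sock_path = os.path.join(d, "egd-pool")
        ready = threading.Event()
        t = threading.Thread(target=fake_egd_serve_once, args=(sock_path, pool, ready))
        t.start()
        ready.wait()
        via_egd = seed_from_rand_path(sock_path)
        t.join()
        seed_file = os.path.join(d, "seed.bin")
        with open(seed_file, "wb") as f:
            f.write(b"\xaa" * 40)
        via_file = seed_from_rand_path(seed_file)
        size_after = os.path.getsize(seed_file)   # still 40: -rand never writes back
    return via_egd, via_file, size_after
```

Running demo() shows the socket branch taken when a daemon is listening, the file branch otherwise, and the seed file left untouched in size.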
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]