Hello,

I had sent this mail to the list some time back, and didn't hear back. So I am 
not sure if it even reached the group.
Here is the second attempt. Any help/suggestion is highly appreciated.

~ Urjit
--------------------

I observed that on a few platforms, the random device is missing. Due to this, 
the SSL_connect fails. I would have to use the -rand option of s_client for a 
successful connection.
On such platforms, even my client application fails due to the missing random 
number generator device.
For example, on my Solaris box, my client fails and truss gives the following output:
=============
 0.0999 open("/dev/urandom", O_RDONLY|O_NONBLOCK|O_NOCTTY) Err#2 ENOENT
 0.1003 open("/dev/random", O_RDONLY|O_NONBLOCK|O_NOCTTY) Err#2 ENOENT
 0.1007 open("/dev/srandom", O_RDONLY|O_NONBLOCK|O_NOCTTY) Err#2 ENOENT
 0.1013 so_socket(1, 2, 0, "", 1)                       = 5
 0.1018 connect(5, 0xFFBEE3F8, 19, 1)                   Err#2 ENOENT
 0.1021 close(5)                                        = 0
 0.1025 so_socket(1, 2, 0, "", 1)                       = 5
 0.1029 connect(5, 0xFFBEE3F8, 15, 1)                   Err#2 ENOENT
 0.1032 close(5)                                        = 0
 0.1035 so_socket(1, 2, 0, "", 1)                       = 5
 0.1039 connect(5, 0xFFBEE3F8, 15, 1)                   Err#2 ENOENT
 0.1041 close(5)                                        = 0
 0.1046 so_socket(1, 2, 0, "", 1)                       = 5
 0.1050 connect(5, 0xFFBEE3F8, 14, 1)                   Err#2 ENOENT

=============
 And then the SSL_connect fails with SSL_ERROR_SYSCALL and errno set to 2.

In such cases, I had thought of using RAND_write_file() followed by 
RAND_load_file() just after loading required libraries (SSL_load_error_strings, 
SSL_library_init).

Do you think this is a sensible approach? If not, could you suggest ways to deal 
with situations when the random device is missing?
If yes, I have another question. How to detect, programmatically, if the random 
device is missing? The RAND_write_file() and RAND_load_file() should be used 
only if the random device is missing, right?

Any help in understanding this is highly appreciated.

Thank you,
~ Urjit
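
One way to answer the detection question in the message above, as an added example that is not part of the original post and is not OpenSSL code: it probes the same three device paths with the same open flags that appear in the truss output. The enum and function names are hypothetical; inside an OpenSSL application, RAND_status() reports whether the library's PRNG has been seeded.

```c
/* Added example: probe for a kernel entropy device (POSIX only, no OpenSSL calls). */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical result codes for this example. */
enum ent_status { ENT_OK, ENT_MISSING, ENT_NOT_DEVICE, ENT_NO_DATA, ENT_ERROR };

/* The three paths that the truss output shows being tried. */
static const char *const DEFAULT_DEVICES[] = {
    "/dev/urandom", "/dev/random", "/dev/srandom", NULL
};

/* Classify one candidate path, using the open flags from the truss output. */
enum ent_status probe_entropy_device(const char *path)
{
    unsigned char buf[16];
    struct stat st;
    enum ent_status result = ENT_OK;
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOCTTY);

    if (fd < 0)
        return errno == ENOENT ? ENT_MISSING : ENT_ERROR;
    if (fstat(fd, &st) != 0)
        result = ENT_ERROR;
    else if (!S_ISCHR(st.st_mode))
        result = ENT_NOT_DEVICE;  /* a plain file or directory is not an entropy source */
    else if (read(fd, buf, sizeof buf) <= 0)
        result = ENT_NO_DATA;     /* EOF, or EAGAIN from a pool with nothing to give */
    close(fd);
    return result;
}

/* Return the first candidate that exists and yields bytes, or NULL if none does. */
const char *find_entropy_device(const char *const *candidates)
{
    for (; *candidates != NULL; candidates++)
        if (probe_entropy_device(*candidates) == ENT_OK)
            return *candidates;
    return NULL;
}

int main(void)
{
    const char *dev = find_entropy_device(DEFAULT_DEVICES);
    if (dev == NULL) {
        fprintf(stderr, "no entropy device: seed the PRNG explicitly before SSL_connect\n");
        return 1;
    }
    printf("entropy device available: %s\n", dev);
    return 0;
}
```

A seed file read with RAND_load_file() only helps if it was written earlier by a process whose PRNG was properly seeded; writing out and re-reading the state of an unseeded PRNG adds no entropy.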