Re: rand in Windows

Fri, 06 Jul 2012 09:36:26 -0700 

On 7/6/2012 5:17 AM, Thomas J. Hruska wrote:

On 7/5/2012 8:07 PM, John wrote:

Hello. I have OpenSSL-Win64 version 1.0.1c installed on 64-bit Win7.  I
am trying to use it to create a random generated file for use in
stunnel, using this command "openssl rand -out filexyz.rnd -hex 2048"
from the Windows CLI. Although it appears to succeed, but I also see
this message when it finishes: unable to write 'random state'. I looked
at the online help, but nothing I read indicated how to prevent this as
far as I can tell. Is this normal for Windows and not something to worry
about, or what am I missing? Thanks.



Run the command prompt as Administrator.  OpenSSL tries to write the 
state to 'C:\.rnd' since Windows doesn't have /dev/(u)random on the 
system.




Someone *really* should fix this old bug!

Windows (except for very old historic versions) has the equivalent of
/dev/urandom in the form of a system call, and I think that code to
use it is already in the part of OpenSSL which prints out a
message about loading "screen" (technically, that message is printed
far away from the actual code, the actual code in is
crypto/rand/rand_win.c burried under tonnes of "how to get 50 bits
of entropy the hard way" code.)

Writing state cache files to the root of the file system is a terrible
idea on any OS except CP/M (which had no directories).  Every current
OS has a standard for where different kinds of application files belong.
For Linux this is the "FHS", for Windows it is listed in some versions
of the "Windows Logo" guidelines, but is basically about using the
locations returned by SHFOLDER.DLL with appropriate program specific
suffixes.  However in this particular case there is no point in having
the file anyway.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org






















					Reply via email to