More information to the important issue of seeding the PRNG

Submitted by:
Reviewed by:
PR: 285

diff --git a/FAQ b/FAQ
index 28027fdcacc017bf7b957b85e1cc931c7da6547d..9998821fde12033a773c4391783afc1b1166c867 100644 (file)
--- a/FAQ
+++ b/FAQ
@@ -226,6 +226,8 @@ support can be found at
   http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski
 However, be warned that /dev/random is usually a blocking device, which
 may have some effects on OpenSSL.
+A third party /dev/random solution for Solaris is available at
+  http://www.cosy.sbg.ac.at/~andi/
 
 
 * Why do I get an "unable to write 'random state'" error message?

diff --git a/INSTALL b/INSTALL
index af86485e00fe8127481e54624635e8618446a2d7..63c88523c3a945f0bcade4eef3f3a618dca83aef 100644 (file)
--- a/INSTALL
+++ b/INSTALL
@@ -296,3 +296,15 @@
  targets for shared library creation, like linux-shared.  Those targets
  can currently be used on their own just as well, but this is expected
  to change in future versions of OpenSSL.
+
+ Note on random number generation
+ --------------------------------
+
+ Availability of cryptographically secure random numbers is required for
+ secret key generation. OpenSSL provides several options to seed the
+ internal PRNG. If not properly seeded, the internal PRNG will refuse
+ to deliver random bytes and a "PRNG not seeded error" will occur.
+ On systems without /dev/urandom (or similar) device, it may be necessary
+ to install additional support software to obtain random seed.
+ Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
+ and the FAQ for more information.