From: Lutz Jänicke Date: Mon, 11 Nov 2002 08:32:37 +0000 (+0000) Subject: More information to the important issue of seeding the PRNG X-Git-Tag: OpenSSL_0_9_7-beta4~74 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=21f8cf65e6178c73fedcea29ebacc842569ea6a9;p=oweals%2Fopenssl.git More information to the important issue of seeding the PRNG Submitted by: Reviewed by: PR: 285 --- diff --git a/FAQ b/FAQ index 28027fdcac..9998821fde 100644 --- a/FAQ +++ b/FAQ @@ -226,6 +226,8 @@ support can be found at http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski However, be warned that /dev/random is usually a blocking device, which may have some effects on OpenSSL. +A third party /dev/random solution for Solaris is available at + http://www.cosy.sbg.ac.at/~andi/ * Why do I get an "unable to write 'random state'" error message? diff --git a/INSTALL b/INSTALL index af86485e00..63c88523c3 100644 --- a/INSTALL +++ b/INSTALL @@ -296,3 +296,15 @@ targets for shared library creation, like linux-shared. Those targets can currently be used on their own just as well, but this is expected to change in future versions of OpenSSL. + + Note on random number generation + -------------------------------- + + Availability of cryptographically secure random numbers is required for + secret key generation. OpenSSL provides several options to seed the + internal PRNG. If not properly seeded, the internal PRNG will refuse + to deliver random bytes and a "PRNG not seeded error" will occur. + On systems without /dev/urandom (or similar) device, it may be necessary + to install additional support software to obtain random seed. + Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(), + and the FAQ for more information.