From: Richard Levitte Date: Wed, 13 Nov 2002 12:47:23 +0000 (+0000) Subject: Recent changes from 0.9.6-stable. X-Git-Tag: OpenSSL-engine-0_9_6h~13 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=78a0aebbd8186ec1b9aac724697647e4a2dcae19;p=oweals%2Fopenssl.git Recent changes from 0.9.6-stable. --- diff --git a/FAQ b/FAQ index 360101a2bb..e4ce5bde5b 100644 --- a/FAQ +++ b/FAQ @@ -223,6 +223,8 @@ support can be found at http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski However, be warned that /dev/random is usually a blocking device, which may have some effects on OpenSSL. +A third party /dev/random solution for Solaris is available at + http://www.cosy.sbg.ac.at/~andi/ * Why do I get an "unable to write 'random state'" error message? diff --git a/INSTALL b/INSTALL index 1e6ebb8b7c..44e32817a4 100644 --- a/INSTALL +++ b/INSTALL @@ -288,3 +288,15 @@ targets for shared library creation, like linux-shared. Those targets can currently be used on their own just as well, but this is expected to change in future versions of OpenSSL. + + Note on random number generation + -------------------------------- + + Availability of cryptographically secure random numbers is required for + secret key generation. OpenSSL provides several options to seed the + internal PRNG. If not properly seeded, the internal PRNG will refuse + to deliver random bytes and a "PRNG not seeded error" will occur. + On systems without /dev/urandom (or similar) device, it may be necessary + to install additional support software to obtain random seed. + Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(), + and the FAQ for more information. diff --git a/Makefile.org b/Makefile.org index cd686a04d2..ca1b7a7430 100644 --- a/Makefile.org +++ b/Makefile.org @@ -608,6 +608,9 @@ update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_ # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal # tar does not support the --files-from option. tar: + find . -type d -print | xargs chmod 755 + find . -type f -print | xargs chmod a+r + find . -type f -perm -0100 -print | xargs chmod a+x find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \ $(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \ tardy --user_number=0 --user_name=openssl \ diff --git a/apps/req.c b/apps/req.c index cc284e4f37..9d80dd3b23 100644 --- a/apps/req.c +++ b/apps/req.c @@ -431,7 +431,7 @@ bad: if (template != NULL) { - long errline; + long errline = -1; BIO_printf(bio_err,"Using configuration from %s\n",template); req_conf=CONF_load(NULL,template,&errline); diff --git a/apps/x509.c b/apps/x509.c index 802e079dc7..a0e4e3564c 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -474,7 +474,7 @@ bad: if (extfile) { - long errorline; + long errorline = -1; X509V3_CTX ctx2; if (!(extconf=CONF_load(NULL,extfile,&errorline))) { diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 1a7691d2a8..7927810098 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -57,6 +57,7 @@ */ #include +#include #include "cryptlib.h" #include #include