From: Lutz Jänicke Date: Mon, 11 Nov 2002 08:33:47 +0000 (+0000) Subject: More information to the important issue of seeding the PRNG X-Git-Tag: OpenSSL_0_9_6h~54 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=fa459714844ff1fd8ab519a7c58540d06f76b80e;p=oweals%2Fopenssl.git More information to the important issue of seeding the PRNG Submitted by: Reviewed by: PR: 285 --- diff --git a/FAQ b/FAQ index 360101a2bb..e4ce5bde5b 100644 --- a/FAQ +++ b/FAQ @@ -223,6 +223,8 @@ support can be found at http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski However, be warned that /dev/random is usually a blocking device, which may have some effects on OpenSSL. +A third party /dev/random solution for Solaris is available at + http://www.cosy.sbg.ac.at/~andi/ * Why do I get an "unable to write 'random state'" error message? diff --git a/INSTALL b/INSTALL index 75a843b15f..432ca5d6f5 100644 --- a/INSTALL +++ b/INSTALL @@ -285,3 +285,15 @@ targets for shared library creation, like linux-shared. Those targets can currently be used on their own just as well, but this is expected to change in future versions of OpenSSL. + + Note on random number generation + -------------------------------- + + Availability of cryptographically secure random numbers is required for + secret key generation. OpenSSL provides several options to seed the + internal PRNG. If not properly seeded, the internal PRNG will refuse + to deliver random bytes and a "PRNG not seeded error" will occur. + On systems without /dev/urandom (or similar) device, it may be necessary + to install additional support software to obtain random seed. + Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(), + and the FAQ for more information.