diff options
author | Lutz Jänicke <jaenicke@openssl.org> | 2002-11-11 08:32:37 +0000 |
---|---|---|
committer | Lutz Jänicke <jaenicke@openssl.org> | 2002-11-11 08:32:37 +0000 |
commit | 21f8cf65e6178c73fedcea29ebacc842569ea6a9 (patch) | |
tree | 142a8a73f7f83acc66a0971e231bfce792481135 | |
parent | 8bcc049399df751c29ac0770d67529bb2ba417ab (diff) |
More information to the important issue of seeding the PRNG
Submitted by:
Reviewed by:
PR: 285
-rw-r--r-- | FAQ | 2 | ||||
-rw-r--r-- | INSTALL | 12 |
2 files changed, 14 insertions, 0 deletions
@@ -226,6 +226,8 @@ support can be found at http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski However, be warned that /dev/random is usually a blocking device, which may have some effects on OpenSSL. +A third party /dev/random solution for Solaris is available at + http://www.cosy.sbg.ac.at/~andi/ * Why do I get an "unable to write 'random state'" error message? @@ -296,3 +296,15 @@ targets for shared library creation, like linux-shared. Those targets can currently be used on their own just as well, but this is expected to change in future versions of OpenSSL. + + Note on random number generation + -------------------------------- + + Availability of cryptographically secure random numbers is required for + secret key generation. OpenSSL provides several options to seed the + internal PRNG. If not properly seeded, the internal PRNG will refuse + to deliver random bytes and a "PRNG not seeded error" will occur. + On systems without /dev/urandom (or similar) device, it may be necessary + to install additional support software to obtain random seed. + Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(), + and the FAQ for more information. |