More information to the important issue of seeding the PRNG

Submitted by: Reviewed by: PR: 285
author: Lutz Jänicke <jaenicke@openssl.org> 2002-11-11 08:33:10 +0000
committer: Lutz Jänicke <jaenicke@openssl.org> 2002-11-11 08:33:10 +0000
commit: 96c930dd2fae0645aded269ff950c05515596bff (patch)
tree: dfc546a2f96ec269b7046bfa474e2c4846059fd5 /INSTALL
parent: c81a15099a7b6a8c4ace55a2554005656aa8a307 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/INSTALL b/INSTALL
index af86485e00..63c88523c3 100644
--- a/INSTALL
+++ b/INSTALL
@@ -296,3 +296,15 @@
  targets for shared library creation, like linux-shared.  Those targets
  can currently be used on their own just as well, but this is expected
  to change in future versions of OpenSSL.
+
+ Note on random number generation
+ --------------------------------
+
+ Availability of cryptographically secure random numbers is required for
+ secret key generation. OpenSSL provides several options to seed the
+ internal PRNG. If not properly seeded, the internal PRNG will refuse
+ to deliver random bytes and a "PRNG not seeded error" will occur.
+ On systems without /dev/urandom (or similar) device, it may be necessary
+ to install additional support software to obtain random seed.
+ Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
+ and the FAQ for more information.
author	Lutz Jänicke <jaenicke@openssl.org>	2002-11-11 08:33:10 +0000
committer	Lutz Jänicke <jaenicke@openssl.org>	2002-11-11 08:33:10 +0000
commit	96c930dd2fae0645aded269ff950c05515596bff (patch)
tree	dfc546a2f96ec269b7046bfa474e2c4846059fd5 /INSTALL
parent	c81a15099a7b6a8c4ace55a2554005656aa8a307 (diff)