More information to the important issue of seeding the PRNG

Submitted by: Reviewed by: PR: 285
2002-11-11 08:32:37 +00:00 · 2002-11-11 08:32:37 +00:00 · 21f8cf65e6
commit 21f8cf65e6
parent 8bcc049399
2 changed files with 14 additions and 0 deletions
--- a/2
+++ b/2
@ -226,6 +226,8 @@ support can be found at
  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski
 However, be warned that /dev/random is usually a blocking device, which
 may have some effects on OpenSSL.
+A third party /dev/random solution for Solaris is available at
+  http://www.cosy.sbg.ac.at/~andi/


 * Why do I get an "unable to write 'random state'" error message?
--- a/12
+++ b/12
@ -296,3 +296,15 @@
 targets for shared library creation, like linux-shared.  Those targets
 can currently be used on their own just as well, but this is expected
 to change in future versions of OpenSSL.
+
+ Note on random number generation
+ --------------------------------
+
+ Availability of cryptographically secure random numbers is required for
+ secret key generation. OpenSSL provides several options to seed the
+ internal PRNG. If not properly seeded, the internal PRNG will refuse
+ to deliver random bytes and a "PRNG not seeded error" will occur.
+ On systems without /dev/urandom (or similar) device, it may be necessary
+ to install additional support software to obtain random seed.
+ Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
+ and the FAQ for more information.