Hello,

I observed that on a few platforms, the random device is missing. Due to this, the SSL_connect fails. I would have to use the -rand option of s_client for a successful connection.
On such platforms, even my client application fails due to the missing random number generator device.
For example, on my Solaris box, my client fails and truss gives the following output:
=============
0.0999 open("/dev/urandom", O_RDONLY|O_NONBLOCK|O_NOCTTY) Err#2 ENOENT
0.1003 open("/dev/random", O_RDONLY|O_NONBLOCK|O_NOCTTY) Err#2 ENOENT
0.1007 open("/dev/srandom", O_RDONLY|O_NONBLOCK|O_NOCTTY) Err#2 ENOENT
0.1013 so_socket(1, 2, 0, "", 1) = 5
0.1018 connect(5, 0xFFBEE3F8, 19, 1) Err#2 ENOENT
0.1021 close(5) = 0
0.1025 so_socket(1, 2, 0, "", 1) = 5
0.1029 connect(5, 0xFFBEE3F8, 15, 1) Err#2 ENOENT
0.1032 close(5) = 0
0.1035 so_socket(1, 2, 0, "", 1) = 5
0.1039 connect(5, 0xFFBEE3F8, 15, 1) Err#2 ENOENT
0.1041 close(5) = 0
0.1046 so_socket(1, 2, 0, "", 1) = 5
0.1050 connect(5, 0xFFBEE3F8, 14, 1) Err#2 ENOENT

=============
And then the SSL_connect fails with SSL_ERROR_SYSCALL and errno set to 2.

In such cases, I had thought of using RAND_write_file() followed by RAND_load_file() just after loading required libraries (SSL_load_error_strings, SSL_library_init).

Do you think this is a sensible approach? If not, could you suggest ways to deal with situations when the random device is missing?
If yes, I have another question. How to detect programmatically if the random device is missing? The RAND_write_file() and RAND_load_file() should be used only if the random device is missing, right?

Any help in understanding this is highly appreciated.

Thank you,
~~ Urjit
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org
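
One way to answer the detection question in the message above, added here as an example and not code from the poster or the OpenSSL project: probe the three device paths seen in the truss output and accept one only if it is a character device that actually returns bytes. The function names `probe_random_device` and `find_random_device` are hypothetical; within OpenSSL itself, `RAND_status()` reports whether the PRNG has been seeded.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <sys/stat.h>
#include <unistd.h>

/* Device paths taken from the truss output in the message above. */
static const char *const RAND_DEVICES[] = {
    "/dev/urandom", "/dev/random", "/dev/srandom", NULL
};

/* Returns 1 if `path` is a character device that yields `want` bytes,
 * 0 if it opens but is unusable, -1 if it cannot be opened (errno is
 * left set by open(), e.g. ENOENT as in the trace). */
int probe_random_device(const char *path, unsigned char *buf, size_t want)
{
    struct stat st;
    size_t got = 0;
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOCTTY);
    if (fd < 0)
        return -1;
    /* A regular file or directory at the path is not an entropy source. */
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) {
        close(fd);
        return 0;
    }
    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n > 0)
            got += (size_t)n;
        else if (n < 0 && errno == EINTR)
            continue;       /* interrupted by a signal: retry */
        else
            break;          /* EAGAIN (pool empty), EOF or hard error */
    }
    close(fd);
    return got == want;
}

/* Returns the first usable device path, or NULL if none is present,
 * in which case the application must seed from another source. */
const char *find_random_device(void)
{
    unsigned char probe[32];
    for (size_t i = 0; RAND_DEVICES[i] != NULL; i++)
        if (probe_random_device(RAND_DEVICES[i], probe, sizeof probe) == 1)
            return RAND_DEVICES[i];
    return NULL;
}
```

A seed file written by RAND_write_file() from a PRNG that was never seeded carries no entropy, so loading it back with RAND_load_file() only helps when the file was produced on a host with a working entropy source.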