Reading random bytes in blocking mode


Reading random bytes in blocking mode

prakash babu
Hello All,
 
I am working with OpenSSL 0.9.7i on HPUX.
 
I have a configure script which performs the following operations

1. Starts the prngd rc script
   # /sbin/init.d/prngd.rc start

2. Creates self signed certificate
   # /opt/openssl/bin/openssl req -new -x509 -out /opt/openssl/certs/host.pem -keyout /opt/openssl/private/hostkey.pem -nodes -subj /C=US/ST=CA/L=City/O=Company/CN=localhost/emailAddress=www@localhost >/tmp/hostcert.out 2>&1

This script executes during system reboot.
Sometimes the creation of the self signed certificate fails due to lack of random bytes. This problem does not occur during manual script execution.

What can be the reason?
Can reading random bytes from prngd in blocking mode solve this problem?
 
regards,
Prakash
 



Re: Reading random bytes in blocking mode

Rick Jones-2
prakash babu wrote:
> Hello All,
>  
> I am working with OpenSSL 0.9.7i on HPUX.

If you are on Itanium, it is probably better to go to 0.9.8a or above; there are some
performance improvements there.

> I have a configure script which performs the following operations
>
> 1. Starts the prngd rc script
>    # /sbin/init.d/prngd.rc start
>
> 2. Creates self signed certificate
>    # /opt/openssl/bin/openssl req -new -x509 -out /opt/openssl/certs/host.pem -keyout /opt/openssl/private/hostkey.pem -nodes -subj /C=US/ST=CA/L=City/O=Company/CN=localhost/emailAddress=www@localhost >/tmp/hostcert.out 2>&1
>
> This script executes during system reboot.
> Sometimes the creation of the self signed certificate fails due to lack
> of random bytes. This problem does not occur during manual script execution.
>
> What can be the reason?
> Can reading random bytes from prngd in *blocking mode* solve this problem?

On which version of HP-UX are you running?  If sufficiently contemporary, there
may already be /dev/random or /dev/urandom from which one can pull bytes.

rick jones
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
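
One way to keep the boot-time step from running before the random source is usable, as an added example that is not part of either message above. It assumes the failure is a timing problem (prngd not yet serving entropy when `openssl req` runs) and that `openssl rand` exits non-zero until the PRNG can be seeded; `retry_until`, `prng_ready`, `make_host_cert`, `boot_cert_setup` and `RUN_BOOT_CERT_SETUP` are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the thread): wait until OpenSSL can produce random
# bytes before creating the certificate, instead of failing once at boot.
# Assumption: "openssl rand" exits non-zero while the PRNG is not seeded.
OPENSSL=${OPENSSL:-/opt/openssl/bin/openssl}   # path taken from the post

# retry_until ATTEMPTS DELAY CMD...: run CMD until it succeeds.
# Returns 0 on the first success, 1 after ATTEMPTS failures.
retry_until() {
    attempts=$1; delay=$2; shift 2
    n=1
    while [ "$n" -le "$attempts" ]; do
        if "$@"; then
            return 0
        fi
        if [ "$n" -lt "$attempts" ]; then
            sleep "$delay"
        fi
        n=$((n + 1))
    done
    return 1
}

# prng_ready: succeeds only when OpenSSL can actually return random bytes.
prng_ready() {
    "$OPENSSL" rand -base64 16 >/dev/null 2>&1
}

# make_host_cert: the certificate command from the original post.
make_host_cert() {
    "$OPENSSL" req -new -x509 -out /opt/openssl/certs/host.pem \
        -keyout /opt/openssl/private/hostkey.pem -nodes \
        -subj /C=US/ST=CA/L=City/O=Company/CN=localhost/emailAddress=www@localhost
}

# boot_cert_setup: start prngd, probe up to 30 times 2 s apart, then run req.
boot_cert_setup() {
    /sbin/init.d/prngd.rc start
    if retry_until 30 2 prng_ready; then
        make_host_cert >/tmp/hostcert.out 2>&1
    else
        echo "PRNG still unseeded; certificate not created" >&2
        return 1
    fi
}

# Runs only on request, so loading this file has no side effects.
if [ "${RUN_BOOT_CERT_SETUP:-0}" = 1 ]; then
    boot_cert_setup
fi
```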