rand in Windows

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

rand in Windows

John A. Wallace
Hello. I have OpenSSL-Win64 version 1.0.1c installed on 64-bit Win7.  I am
trying to use it to create a random generated file for use in stunnel, using
this command "openssl rand -out filexyz.rnd -hex 2048" from the Windows CLI.
Although it appears to succeed, but I also see this message when it
finishes: unable to write 'random state'.  I looked at the online help, but
nothing I read indicated how to prevent this as far as I can tell. Is this
normal for Windows and not something to worry about, or what am I missing?
Thanks.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: rand in Windows

Thomas J. Hruska
On 7/5/2012 8:07 PM, John wrote:
> Hello. I have OpenSSL-Win64 version 1.0.1c installed on 64-bit Win7.  I
> am trying to use it to create a random generated file for use in
> stunnel, using this command "openssl rand -out filexyz.rnd -hex 2048"
> from the Windows CLI. Although it appears to succeed, but I also see
> this message when it finishes: unable to write 'random state'.  I looked
> at the online help, but nothing I read indicated how to prevent this as
> far as I can tell. Is this normal for Windows and not something to worry
> about, or what am I missing? Thanks.

Run the command prompt as Administrator.  OpenSSL tries to write the
state to 'C:\.rnd' since Windows doesn't have /dev/(u)random on the system.

--
Thomas Hruska
Shining Light Productions

Home of BMP2AVI and Win32 OpenSSL.
http://www.slproweb.com/


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: rand in Windows

John A. Wallace


"Thomas J. Hruska"
<[hidden email]> wrote in
message news:<[hidden email]>...

> On 7/5/2012 8:07 PM, John wrote:
> > Hello. I have OpenSSL-Win64 version 1.0.1c installed on 64-bit Win7.  I
> > am trying to use it to create a random generated file for use in
> > stunnel, using this command "openssl rand -out filexyz.rnd -hex 2048"
> > from the Windows CLI. Although it appears to succeed, but I also see
> > this message when it finishes: unable to write 'random state'.  I looked
> > at the online help, but nothing I read indicated how to prevent this as
> > far as I can tell. Is this normal for Windows and not something to worry
> > about, or what am I missing? Thanks.
>
> Run the command prompt as Administrator.  OpenSSL tries to write the state
> to 'C:\.rnd' since Windows doesn't have /dev/(u)random on the system.
>
Hi, Thomas.

Yes, that was the ticket, sure enough. Thanks again.  I wonder where else I
should have looked to find that instruction, or do you a little genie lamp
somewhere?  :)  Is that included in a different manual somewhere I have yet
to find?

John


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: rand in Windows

Thomas J. Hruska
On 7/5/2012 8:56 PM, John wrote:

>
>
> "Thomas J. Hruska" <[hidden email]> wrote in message
> news:<[hidden email]>...
>> On 7/5/2012 8:07 PM, John wrote:
>> > Hello. I have OpenSSL-Win64 version 1.0.1c installed on 64-bit Win7.  I
>> > am trying to use it to create a random generated file for use in
>> > stunnel, using this command "openssl rand -out filexyz.rnd -hex 2048"
>> > from the Windows CLI. Although it appears to succeed, but I also see
>> > this message when it finishes: unable to write 'random state'.  I
>> looked
>> > at the online help, but nothing I read indicated how to prevent this as
>> > far as I can tell. Is this normal for Windows and not something to
>> worry
>> > about, or what am I missing? Thanks.
>>
>> Run the command prompt as Administrator.  OpenSSL tries to write the
>> state to 'C:\.rnd' since Windows doesn't have /dev/(u)random on the
>> system.
>>
> Hi, Thomas.
>
> Yes, that was the ticket, sure enough. Thanks again.  I wonder where
> else I should have looked to find that instruction, or do you a little
> genie lamp somewhere?  :)  Is that included in a different manual
> somewhere I have yet to find?
>
> John

Not documented anywhere that I know of.  Just something I picked up when
I installed Windows Vista and OpenSSL the first time.  I remember
running FileMon to figure out what OpenSSL was trying to do.

--
Thomas Hruska
Shining Light Productions

Home of BMP2AVI and Win32 OpenSSL.
http://www.slproweb.com/


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: rand in Windows

Dr. Stephen Henson
In reply to this post by John A. Wallace
On Thu, Jul 05, 2012, John wrote:

>
>
> "Thomas J. Hruska" <[hidden email]> wrote in message
> news:<[hidden email]>...
> >On 7/5/2012 8:07 PM, John wrote:
> >> Hello. I have OpenSSL-Win64 version 1.0.1c installed on 64-bit Win7.  I
> >> am trying to use it to create a random generated file for use in
> >> stunnel, using this command "openssl rand -out filexyz.rnd -hex 2048"
> >> from the Windows CLI. Although it appears to succeed, but I also see
> >> this message when it finishes: unable to write 'random state'.  I looked
> >> at the online help, but nothing I read indicated how to prevent this as
> >> far as I can tell. Is this normal for Windows and not something to worry
> >> about, or what am I missing? Thanks.
> >
> >Run the command prompt as Administrator.  OpenSSL tries to write
> >the state to 'C:\.rnd' since Windows doesn't have /dev/(u)random
> >on the system.
> >
> Hi, Thomas.
>
> Yes, that was the ticket, sure enough. Thanks again.  I wonder where
> else I should have looked to find that instruction, or do you a
> little genie lamp somewhere?  :)  Is that included in a different
> manual somewhere I have yet to find?
>

You can use the RANDFILE environment variable to set an alternative location.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: rand in Windows

Jakob Bohm-7
In reply to this post by Thomas J. Hruska
On 7/6/2012 5:17 AM, Thomas J. Hruska wrote:

> On 7/5/2012 8:07 PM, John wrote:
>> Hello. I have OpenSSL-Win64 version 1.0.1c installed on 64-bit Win7.  I
>> am trying to use it to create a random generated file for use in
>> stunnel, using this command "openssl rand -out filexyz.rnd -hex 2048"
>> from the Windows CLI. Although it appears to succeed, but I also see
>> this message when it finishes: unable to write 'random state'. I looked
>> at the online help, but nothing I read indicated how to prevent this as
>> far as I can tell. Is this normal for Windows and not something to worry
>> about, or what am I missing? Thanks.
>
> Run the command prompt as Administrator.  OpenSSL tries to write the
> state to 'C:\.rnd' since Windows doesn't have /dev/(u)random on the
> system.
>

Someone *really* should fix this old bug!

Windows (except for very old historic versions) has the equivalent of
/dev/urandom in the form of a system call, and I think that code to
use it is already in the part of OpenSSL which prints out a
message about loading "screen" (technically, that message is printed
far away from the actual code, the actual code in is
crypto/rand/rand_win.c burried under tonnes of "how to get 50 bits
of entropy the hard way" code.)

Writing state cache files to the root of the file system is a terrible
idea on any OS except CP/M (which had no directories).  Every current
OS has a standard for where different kinds of application files belong.
For Linux this is the "FHS", for Windows it is listed in some versions
of the "Windows Logo" guidelines, but is basically about using the
locations returned by SHFOLDER.DLL with appropriate program specific
suffixes.  However in this particular case there is no point in having
the file anyway.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: rand in Windows

J. J. Farrell-2
In reply to this post by John A. Wallace
The simplest thing is simply to ignore the error. It's trying to write a file in a location which is not writeable by ordinary users. The file it's trying to write helps work around a deficiency in some ancient versions of Windows, helping ensure the randomness of future calls to the command. This is totally unnecessary with current versions of OpenSSL on current versions of Windows, so it doesn't matter at all that it can't create the file.

Regards,
                 jjf

> -----Original Message-----
> From: John [mailto:[hidden email]]
> Sent: Friday, July 06, 2012 4:07 AM
> To: [hidden email]
> Subject: rand in Windows
>
> Hello. I have OpenSSL-Win64 version 1.0.1c installed on 64-bit Win7.  I
> am
> trying to use it to create a random generated file for use in stunnel,
> using
> this command "openssl rand -out filexyz.rnd -hex 2048" from the Windows
> CLI.
> Although it appears to succeed, but I also see this message when it
> finishes: unable to write 'random state'.  I looked at the online help,
> but
> nothing I read indicated how to prevent this as far as I can tell. Is
> this
> normal for Windows and not something to worry about, or what am I
> missing?
> Thanks.
>
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]