
EGD not used?

Hi,
I know that no one wants to see another message on "PRNG not
seeded", but be patient.  I'm running OpenLDAP 2.0.7 on
HP-UX 11.00 with OpenSSL 0.9.6 and EGD 0.8.  I've been
testing for a while, and everything but SSL works just fine.
Now I'm testing SSL connections, and I get the dreaded
message "PRNG not seeded".  This was quite a surprise to me
since I'm also using EGD for OpenSSH, and it works just
fine.

I did a little debugging and found that when I use OpenSSH,
it does request data from the EGD socket.  Similar testing
showed that OpenLDAP was NOT making a request to EGD.  Both
of these tests were run on the same machine, with the
RANDFILE variable set to the EGD socket path.

After great searching, I found a reference at
http://www.mail-archive.com/openssl-users@openssl.org/msg07003.html
saying that, in fact, OpenSSL only partially
supports the use of EGD.  This information was prior to the
release of v0.9.6, but it appears to still be true.  I did
tests with the openssl command-line tool and found that it
ignores both the RANDFILE environment variable and the
RANDFILE directive in openssl.cnf.  In order to get it to
use the EGD socket, you have to pass it a "-rand" argument.

So, has the OpenLDAP code taken this into account?  When
OpenLDAP calls OpenSSH routines, is there a way to make it
pass the "-rand" argument as well?  Is there another way to
make OpenLDAP use EGD or is there another alternative to
/dev/random that does work with OpenLDAP?  Thanks for your
help.

Karl

---------------------------------
Karl Bolingbroke
Flying J Inc.
435-695-1233
karl.bolingbroke@flyingj.com
---------------------------------
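An added diagnostic for the situation described in the message above (not code from the post, from OpenLDAP or from OpenSSL): a fake EGD server on a Unix socket that records every request it receives, plus a client that mirrors the shape of OpenSSL's EGD query (a non-blocking read of at most 255 bytes per request, repeated until the caller has enough). Pointing an application's RANDFILE or "-rand" at the fake socket and then inspecting the recorded request list tells you directly whether the application ever talked to EGD, which is the test the post had to do by hand. The EGD command bytes and reply formats used here are assumptions taken from the EGD 0.8 protocol as documented; verify them against your EGD version, and treat the client as an approximation of RAND_egd_bytes rather than its source.

```python
import os
import socket
import struct
import tempfile
import threading

# Assumed EGD 0.8 wire protocol (one command byte, then command-specific data).
EGD_CMD_ENTROPY_COUNT = 0x00  # reply: 4-byte big-endian count of entropy bits
EGD_CMD_READ_NONBLOCK = 0x01  # arg: n; reply: 1-byte count m (m <= n), then m bytes
EGD_CMD_READ_BLOCK = 0x02     # arg: n; reply: exactly n bytes (blocks until available)
EGD_CMD_PID = 0x04            # reply: 1-byte length, then the PID as ASCII


def _recv_exact(sock, n):
    """Read exactly n bytes or raise; a short read here means EGD hung up."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("EGD socket closed mid-reply")
        buf += chunk
    return bytes(buf)


class FakeEGD:
    """Minimal EGD-protocol server that logs (command, requested_bytes) for
    every request. Entropy comes from os.urandom, so this is a test double,
    not a replacement for EGD."""

    def __init__(self, path, entropy_bits=4096):
        self.path = path
        self.entropy_bits = entropy_bits
        self.requests = []
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.bind(path)
        self.sock.listen(5)
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            try:
                conn, _ = self.sock.accept()
            except OSError:  # listening socket was shut down
                return
            with conn:
                self._handle(conn)

    def _handle(self, conn):
        while True:
            head = conn.recv(1)
            if not head:  # client closed the connection
                return
            cmd = head[0]
            if cmd == EGD_CMD_ENTROPY_COUNT:
                self.requests.append((cmd, None))
                conn.sendall(struct.pack(">I", self.entropy_bits))
            elif cmd in (EGD_CMD_READ_NONBLOCK, EGD_CMD_READ_BLOCK):
                n = _recv_exact(conn, 1)[0]
                self.requests.append((cmd, n))
                data = os.urandom(n)
                if cmd == EGD_CMD_READ_NONBLOCK:
                    conn.sendall(bytes([len(data)]) + data)
                else:
                    conn.sendall(data)
            elif cmd == EGD_CMD_PID:
                self.requests.append((cmd, None))
                pid = str(os.getpid()).encode()
                conn.sendall(bytes([len(pid)]) + pid)
            else:
                self.requests.append((cmd, None))
                return  # unknown command: drop the connection

    def close(self):
        try:
            self.sock.shutdown(socket.SHUT_RDWR)  # wakes the accept() loop
        except OSError:
            pass
        self.sock.close()
        os.unlink(self.path)


def egd_entropy_count(path):
    """Ask EGD how many bits of entropy it currently holds."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(path)
        s.sendall(bytes([EGD_CMD_ENTROPY_COUNT]))
        return struct.unpack(">I", _recv_exact(s, 4))[0]


def egd_query_bytes(path, nbytes):
    """Fetch nbytes from EGD with non-blocking reads of at most 255 bytes
    each (the request shape OpenSSL uses); stop early if EGD returns nothing."""
    out = bytearray()
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(path)
        while len(out) < nbytes:
            want = min(255, nbytes - len(out))
            s.sendall(bytes([EGD_CMD_READ_NONBLOCK, want]))
            got = _recv_exact(s, 1)[0]
            if got == 0:
                break  # pool exhausted; caller must decide whether to wait
            out += _recv_exact(s, got)
    return bytes(out)


def demo():
    """Start a fake EGD, seed from it like a client would, and return
    (entropy bits reported, seed bytes obtained, requests the server saw)."""
    tmpdir = tempfile.mkdtemp()
    sock_path = os.path.join(tmpdir, "entropy")
    server = FakeEGD(sock_path)
    try:
        bits = egd_entropy_count(sock_path)
        seed = egd_query_bytes(sock_path, 300)
        return bits, len(seed), list(server.requests)
    finally:
        server.close()
        os.rmdir(tmpdir)


if __name__ == "__main__":
    print(demo())
```

To reproduce the test in the post, start `FakeEGD` on a path, point the application under test at it (the "-rand" argument for the openssl tool, or whatever the application actually reads), and then look at `requests`: a populated list means the application asked EGD for entropy, an empty list reproduces the OpenLDAP symptom described above.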