I want to use RSA_generate_key() on HP-UX 11.11. But hp-ux 11.11 does not provide /dev/random or /dev/urandom, so I need to use openssl prngd.
Please let me know how to use it by default in C code. I have openssl installed and prngd is available.
$ ls /opt/openssl/prngd/prngd
/opt/openssl/prngd/prngd
Let me know if you need more information.
Noting that prngd uses the same interface that EGD does, checkout the instructions found here. A quote of interest is:
On systems without /dev/*random devices providing entropy from the kernel
Alternatively, the EGD-interface compatible daemon PRNGD can be used.
OpenSSL automatically queries EGD when entropy is requested via RAND_bytes() or the status is checked via RAND_status() for the first time, if the socket is located at /var/run/egd-pool, /dev/egd-pool or /etc/egd-pool.
So when you run prngd, run it as prngd /dev/egd-pool or one of the other alternatives
prngd simulates "/dev/random" and "/dev/urandom" over a network connection. It supports either a Unix stream-based domain socket ("/var/run/egd-pool") or (if configured to) or IP using TCP ports 708 or 4840 (default values---can be changed).
So, in using the Unix domain socket, it would look something like:
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
int devrandom(void)
{
union
{
struct sockaddr sa;
struct sockaddr_un path;
} location;
int sock;
memset(&location,0,sizeof(location));
location.path.sun_family = AF_UNIX;
strcpy(location.path.sun_path,"/var/run/egd-pool");
sock = socket(AF_UNIX,SOCK_STREAM,0);
if (sock < 0)
return -1;
if (connect(sock,&location.sa,sizeof(struct sockaddr_un)) < 0)
return -1;
return sock;
}
This will return a file descriptor you can pass to read() in order to obtain the random data (note: this code is untested). A TCP/IP based connection is a bit more involved, requiring binding the socket to a local address and connecting to the remote address but there are plenty of examples on the Internet for that type of code.
