Problems with Random Number Seeding

[Jeremy McDermond]

I'm not sure if this is an issue with mod_ssl, or possibly with 
OpenSSL's engine code itself.  I have a FreeBSD 5.1R box with a 
Broadcom BCM5820 crypto accelerator board.  I'm using mod_ssl's 
experimental extensions to enable this board, and I'm using it through 
BSD's cryptodev subsystem.  When I first start the server, after 
configuration, and before forking daemons, it will dump core with 
either an Illegal Instruction or a Segmentation Fault.  It seems to do 
this intermittently, and not on a consistent basis.  It almost seems 
like the seeding process is not completing correctly the first time.  I 
have the random device set to /dev/urandom to enable BSD to provide 
entropy for mod_ssl.  It almost seems as if its ignoring this device 
and trying to get entropy from somewhere else.  Has anybody seen any 
behavior like this?

OS: FreeBSD 5.1R
Apache Version: 1.3.28
mod_ssl Version:  2.8.15
OpenSSL Version: 0.9.7a
mod_ssl configure:
  ./configure --with-apache=../apache_1.3.27 --with-mm=../mm-1.3.0
apache configure:
setenv LDFLAGS -L/usr/local/lib
setenv CFLAGS -I/usr/local/include
setenv EAPI_MM ../mm-1.3.0
./configure \
        --prefix=/private/apache \
        --enable-module=most \
        --enable-shared=max \
        --server-uid=www \
        --server-gid=www \
        --enable-suexec \
        --suexec-caller=www \
        --suexec-uidmin=2000 \
        --suexec-gidmin=100 \
        --suexec-docroot=/private/filer/www \
        --enable-module=ssl \
        --enable-shared=ssl \
        --enable-rule=SSL_EXPERIMENTAL \
        --activate-module=src/modules/mod_auth_ldap/mod_auth_ldap.c
Backtrace:

#0  0x282ef152 in engine_table_select () from /usr/lib/libcrypto.so.3
#1  0x282caeaa in ENGINE_get_default_RAND () from 
/usr/lib/libcrypto.so.3
#2  0x282c9ea5 in RAND_get_rand_method () from /usr/lib/libcrypto.so.3
#3  0x282c9fc9 in RAND_seed () from /usr/lib/libcrypto.so.3
#4  0x284ecefd in ssl_rand_feedfp () from 
/private/apache/libexec/libssl.so
#5  0x284ecbd0 in ssl_rand_seed () from 
/private/apache/libexec/libssl.so
#6  0x284e7f23 in ssl_init_TmpKeysHandle ()
   from /private/apache/libexec/libssl.so
#7  0x284e7c09 in ssl_init_Module () from 
/private/apache/libexec/libssl.so
#8  0x08059cf4 in ap_init_modules ()
#9  0x08064a7b in main ()
#10 0x0804f7f5 in _start ()

--
Jeremy C. McDermond                                                     
  [EMAIL PROTECTED]
Lead Engineer
Peak Internet, LLC                                                      
                (541) 738-4921

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]