hi

i'm having problems starting Apache v1.3.19 compiled with mod_ssl v2.8.1-1.3.19
(OpenSSL v0.9.6) on HP-UX B.11.00 and SunOS v5.6 platforms. Apache starts
normally when the mod_ssl SSL configuration is read (-DSSL option), but when
Apache is started without reading the SSL configs i get the following
error message:

[error] mod_ssl: Init: Failed to generate temporary 512 bit RSA private key

this message isn't very informative and i'd like to suggest the attached
patch which gives a bit more detailed error message on what's going on.

according to ERR_get_error() RSA key generation fails because the
pseudo-random number generator ('PRNG not seeded') hasn't been seeded.
to my understanding this is because in our configuration
SSLRandomSeed-directives are only read in if -DSSL has been defined. this
is what we have in our main httpd config file:

        <IfDefine SSL>
        Include conf/httpd-ssl.conf
        </IfDefine>

so my question is, is there a way of skipping mod_ssl initialization
(ssl_init_Module()) altogether with some Apache command line parameter for
example when Apache is being run without using SSL functionality?

best regards,
-- 
        aspa
*** ssl_engine_init.c.dist      Thu Mar 22 16:07:10 2001
--- ssl_engine_init.c   Thu Mar 22 17:04:46 2001
***************
*** 373,378 ****
--- 373,379 ----
  {
      SSLModConfigRec *mc = myModConfig();
      ssl_asn1_t *asn1;
+     int st;
      unsigned char *ucp;
      RSA *rsa;
      DH *dh;
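Review bot: the new `int st;` at the top of the function is write-only in this patch. It is assigned from ssl_rand_seed() in the next hunk and never read, so the seeding result still has no effect on control flow or on the log. Either test it right after the ssl_rand_seed() call and log a specific "PRNG was not seeded" error before RSA_generate_key() is attempted, or drop the variable. If it stays, a name that says what the value holds would read better than `st`.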
***************
*** 381,392 ****
      if (action == SSL_TKP_GEN) {
  
          /* seed PRNG */
!         ssl_rand_seed(s, p, SSL_RSCTX_STARTUP, "Init: ");
  
          /* generate 512 bit RSA key */
          ssl_log(s, SSL_LOG_INFO, "Init: Generating temporary RSA private keys 
(512/1024 bits)");
          if ((rsa = RSA_generate_key(512, RSA_F4, NULL, NULL)) == NULL) {
              ssl_log(s, SSL_LOG_ERROR, "Init: Failed to generate temporary 512 bit 
RSA private key");
              ssl_die();
          }
          asn1 = (ssl_asn1_t *)ssl_ds_table_push(mc->tTmpKeys, "RSA:512");
--- 382,394 ----
      if (action == SSL_TKP_GEN) {
  
          /* seed PRNG */
!         st = ssl_rand_seed(s, p, SSL_RSCTX_STARTUP, "Init: ");
  
          /* generate 512 bit RSA key */
          ssl_log(s, SSL_LOG_INFO, "Init: Generating temporary RSA private keys 
(512/1024 bits)");
          if ((rsa = RSA_generate_key(512, RSA_F4, NULL, NULL)) == NULL) {
              ssl_log(s, SSL_LOG_ERROR, "Init: Failed to generate temporary 512 bit 
RSA private key");
+           ssl_log(s, SSL_LOG_ERROR, ERR_reason_error_string(ERR_get_error()));
              ssl_die();
          }
          asn1 = (ssl_asn1_t *)ssl_ds_table_push(mc->tTmpKeys, "RSA:512");
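Review bot: the added ssl_log() call in the RSA_generate_key() failure branch passes the string returned by ERR_reason_error_string() as the message argument itself. ssl_log() takes a printf-style message, so the reason text should be passed as data, for example ssl_log(s, SSL_LOG_ERROR, "Init: RSA key generation failed: %s", reason). ERR_reason_error_string() can also return NULL when no reason string is registered for the code, so guard for that before logging. ERR_get_error() returns only the earliest queued error, and a loop that drains the queue would show the whole chain. The added line is also indented three columns short of the surrounding statements.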
