[stunnel-users] prng_init failure

Philip Craig philipjcraig at gmail.com
Thu Oct 15 06:40:06 CEST 2015

prng_init() is failing in 5.24 when cross-compiling with openssl due to
a combination of two reasons:
1. The --with-random configure option is not supported when cross
2. The hardcoded /dev/urandom is no longer used if OPENSSL_NO_EGD is not

The following patch reverts the behaviour to how it was in 5.23, but
probably the --with-random configure option should be supported too.

--- stunnel-5.25.orig/src/ssl.c
+++ stunnel-5.25/src/ssl.c
@@ -207,7 +207,8 @@ NOEXPORT int prng_init(GLOBAL_OPTIONS *g
         return 0; /* success */
     s_log(LOG_DEBUG, "RAND_screen failed to sufficiently seed PRNG");
-#elif !defined(OPENSSL_NO_EGD)
     if(global->egd_sock) {
         if((bytes=RAND_egd(global->egd_sock))==-1) {
             s_log(LOG_WARNING, "EGD Socket %s failed", global->egd_sock);
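Review bot: with "#elif !defined(OPENSSL_NO_EGD)" removed, the RAND_egd(global->egd_sock) call in the context lines below it has no visible guard for builds where OPENSSL_NO_EGD is defined. The hunk header (-207,7 +207,8) implies two added lines that do not appear in this copy, so please confirm that they end the preceding conditional branch and put the EGD block alone under its own "#ifndef OPENSSL_NO_EGD". That way an OpenSSL build without EGD support still compiles and still falls through to the /dev/urandom code further down.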
@@ -220,7 +221,7 @@ NOEXPORT int prng_init(GLOBAL_OPTIONS *g
                          so no need to check if seeded sufficiently */
     /* try the good-old default /dev/urandom, if available  */
     totbytes+=add_rand_file(global, "/dev/urandom");
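Review bot: the fallback in add_rand_file(global, "/dev/urandom") is a hardcoded path, which is the second half of the problem the message describes (the --with-random value is not honoured when cross-compiling). Consider using the configure-provided random file here when one is set and keeping "/dev/urandom" only as the last resort, and document that order in the comment above the call. The changed line of this hunk (-220,7 +221,7) is not visible in this copy, so also check that it leaves this call outside any EGD-only conditional, since a build that skips it has no remaining seed source in the visible code.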
