[Help-gnutls] Alternate random device for certtool
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Nov 27 18:27:26 CET 2008
On Wed 2008-11-26 19:04:52 -0500, Teran McKinney wrote:

> I am using Gnutls 2.6.2, but have had no luck generating certificates
> with certtool. I found that it uses /dev/random instead of
> /dev/urandom

How are you determining that it uses /dev/random?

I'm using gnutls 2.6.2 from Debian's experimental repository, and it
seems to be pulling from /dev/urandom unless I pass it the
--disable-quick-random flag. It does apparently check to make sure
that /dev/random is readable, but it doesn't open the file unless it
needs to:

wt215 at squeak:~$ time strace certtool -p --outfile /dev/null 2>&1 | grep random
access("/dev/random", R_OK) = 0
access("/dev/urandom", R_OK) = 0
open("/dev/urandom", O_RDONLY) = 4
real 0m5.453s
user 0m5.284s
sys 0m0.020s
wt215 at squeak:~$ time strace certtool -p --disable-quick-random --outfile /dev/null 2>&1 | grep random
execve("/usr/bin/certtool", ["certtool", "-p", "--disable-quick-random", "--outfile", "/dev/null"], [/* 15 vars */]) = 0
access("/dev/random", R_OK) = 0
access("/dev/urandom", R_OK) = 0
open("/dev/urandom", O_RDONLY) = 4
write(2, "This might take several minutes d"..., 88This might take several minutes depending on availability of randomness in /dev/random.
open("/dev/random", O_RDONLY) = 5
real 1m5.935s
user 0m4.668s
sys 0m0.036s
wt215 at squeak:~$ dpkg -l gnutls-bin libgnutls26
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name Version Description
+++-==============-==============-============================================
ii gnutls-bin 2.6.2-1 the GNU TLS library - commandline utilities
ii libgnutls26 2.6.2-1 the GNU TLS library - runtime library
wt215 at squeak:~$
--dkg
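
Added example (not part of the original message and not GnuTLS code): a small filter that reads strace output and separates random devices that were only probed with access() from those actually opened, which is the distinction the trace above turns on. The function name and status labels are hypothetical, and the handling of openat(), failed opens and getrandom() goes beyond what the 2008 trace shows.

```shell
# Added example: report which random sources a traced process really used.
# Reads strace output on stdin, prints one "<source> <status>" line each.
classify_random_use() {
    awk '
    # Only a quoted path argument counts; this skips the execve() argv and
    # the stderr message that "grep random" also matches.
    match($0, /"\/dev\/u?random"/) {
        dev = substr($0, RSTART + 1, RLENGTH - 2)
        # Syscall name = identifier before the first "(" (this also copes
        # with the "[pid N]" prefix that strace -f adds).
        if (!match($0, /[a-z0-9_]+\(/)) next
        call = substr($0, RSTART, RLENGTH - 1)
        if (call == "open" || call == "openat") {
            if ($0 ~ /= -1 /) failed[dev] = 1; else opened[dev] = 1
        } else if (call ~ /^(access|faccessat|stat)$/) probed[dev] = 1
    }
    /getrandom\(/ { getrandom = 1 }   # syscall path, no device node involved
    END {
        n = split("/dev/random /dev/urandom", devs, " ")
        for (i = 1; i <= n; i++) {
            d = devs[i]
            s = "unused"; if (d in probed) s = "probed-only"
            if (d in failed) s = "open-failed"
            if (d in opened) s = "opened"
            print d, s
        }
        if (getrandom) print "getrandom", "called"
    }'
}

# Trace lines as they appear in the message (default, quick-random run).
sample_quick() {
    cat <<'EOF'
access("/dev/random", R_OK) = 0
access("/dev/urandom", R_OK) = 0
open("/dev/urandom", O_RDONLY) = 4
EOF
}

# Constructed lines: openat() form, a failed open, and a getrandom() call.
sample_constructed() {
    cat <<'EOF'
[pid 4242] openat(AT_FDCWD, "/dev/random", O_RDONLY) = -1 EACCES (Permission denied)
[pid 4242] openat(AT_FDCWD, "/dev/urandom", O_RDONLY|O_CLOEXEC) = 3
[pid 4242] getrandom("\x8f\x1c\x02\x5a", 4, GRND_NONBLOCK) = 4
EOF
}

sample_quick | classify_random_use; sample_constructed | classify_random_use
```

To use it on a live run, pipe the trace in place of the grep, e.g. `strace certtool -p --outfile /dev/null 2>&1 | classify_random_use`.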