Re: Error: SSLEAY_RAND_BYTES:prng not seeded

Thu, 2 Mar 2000 14:33:46 -0800 

Michael E Buckley <[EMAIL PROTECTED]>:

> I am getting the "prgn not seeded" message on a Solaris 7 Ultra 10
> when I create non-dummy certificates.  [...]

> STEP 4: Enrypting RSA private key with a pass phrase [...]
> Encrypt the private key now? [Y/n]:
> read RSA key
> writing RSA key
> Enter PEM pass phrase:
> Verifying password - Enter PEM pass phrase:
> unable to write key
> 13617:error:24064064:random number generator:SSLEAY_RAND_BYTES:prng not seeded:m
> d_rand.c:483:
> mkcert.sh:Error: Failed to encrypt RSA private key

A couple of times RAND_bytes() is used when RAND_pseudo_bytes(), which
works without strong seeding, should be used.  Change pem_lib.c
according to the following patch, then the script should work.

Index: crypto/asn1/p5_pbe.c
===================================================================
RCS file: /usr/local/openssl/cvs/openssl/crypto/asn1/p5_pbe.c,v
retrieving revision 1.12
diff -u -r1.12 p5_pbe.c
--- p5_pbe.c    2000/01/30 23:32:23     1.12
+++ p5_pbe.c    2000/03/02 21:51:05
@@ -129,7 +129,7 @@
        }
        pbe->salt->length = saltlen;
        if (salt) memcpy (pbe->salt->data, salt, saltlen);
-       else if (RAND_bytes (pbe->salt->data, saltlen) <= 0)
+       else if (RAND_pseudo_bytes (pbe->salt->data, saltlen) <= 0)
                return NULL;
 
        if (!(astype = ASN1_TYPE_new())) {
Index: crypto/asn1/p5_pbev2.c
===================================================================
RCS file: /usr/local/openssl/cvs/openssl/crypto/asn1/p5_pbev2.c,v
retrieving revision 1.14
diff -u -r1.14 p5_pbev2.c
--- p5_pbev2.c  2000/02/22 18:45:09     1.14
+++ p5_pbev2.c  2000/03/02 21:51:17
@@ -212,7 +212,7 @@
        if (!(osalt->data = Malloc (saltlen))) goto merr;
        osalt->length = saltlen;
        if (salt) memcpy (osalt->data, salt, saltlen);
-       else if (RAND_bytes (osalt->data, saltlen) <= 0) goto merr;
+       else if (RAND_pseudo_bytes (osalt->data, saltlen) <= 0) goto merr;
 
        if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
        if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr;
Index: crypto/pem/pem_lib.c
===================================================================
RCS file: /usr/local/openssl/cvs/openssl/crypto/pem/pem_lib.c,v
retrieving revision 1.27
diff -u -r1.27 pem_lib.c
--- pem_lib.c   2000/02/23 01:10:57     1.27
+++ pem_lib.c   2000/03/02 21:50:31
@@ -373,7 +373,7 @@
                        kstr=(unsigned char *)buf;
                        }
                RAND_add(data,i,0);/* put in the RSA key. */
-               if (RAND_bytes(iv,8) <= 0)      /* Generate a salt */
+               if (RAND_pseudo_bytes(iv,8) <= 0)       /* Generate a salt */
                        goto err;
                /* The 'iv' is used as the iv and as a salt.  It is
                 * NOT taken from the BytesToKey function */
Index: crypto/pkcs12/p12_mutl.c
===================================================================
RCS file: /usr/local/openssl/cvs/openssl/crypto/pkcs12/p12_mutl.c,v
retrieving revision 1.11
diff -u -r1.11 p12_mutl.c
--- p12_mutl.c  2000/01/21 01:15:53     1.11
+++ p12_mutl.c  2000/03/02 21:51:43
@@ -157,7 +157,7 @@
                return 0;
        }
        if (!salt) {
-               if (RAND_bytes (p12->mac->salt->data, saltlen) <= 0)
+               if (RAND_pseudo_bytes (p12->mac->salt->data, saltlen) <= 0)
                        return 0;
        }
        else memcpy (p12->mac->salt->data, salt, saltlen);
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to