Hi Brian,
Thanks for your response.
Here is how I use RAND_seed in my client:

    while (RAND_status() == 0) {
        int rnd = rand();
        RAND_seed(&rnd, sizeof(rnd));
    }

Now the ServerHello and certificate are accepted, but when
the client tries to generate an RSA key, control
does not seem to come out of while (*p == '\0')
in rsa_pk1.c (code below), as the buffer is all initialized
to '\0'. I don't see any data in p being filled when
RAND_bytes(p,j) is called.
REL openssl-0.9.7
Can anyone help me please!!

ssl3_send_client_key_exchange(SSL *s)
  RSA_public_encrypt(..)

    if (RAND_bytes(p,j) <= 0)
        return(0);
    for (i=0; i<j; i++)
    {
        if (*p == '\0')
            do {
                if (RAND_bytes(p,1) <= 0)
                    return(0);
            } while (*p == '\0');
        p++;
    }
    *(p++)='\0';

--- Brian Hatch <[EMAIL PROTECTED]> wrote:
>
> > I get a PRNG_NOT_SEEDED error even after I call
> > RAND_add() function. I am calling the function at the
> > beginning before SSL initialization.
>
> ...
>
> > unsigned long Time=time(NULL);
> >
> > RAND_add(&Time,sizeof(Time),0);
>
> You should call RAND_status which returns true/false to tell you
> if you have enough entropy. Your code is bad for several reasons:
>
> Assuming an unsigned long is 4 bytes on your system, you're adding
> 32 bits of entropy, which is very very low. (You'd want to give at
> least 40 bits to properly use 40 bit crypto, etc.)
>
> Secondly, time(NULL) is not providing 32 full bits of entropy. In
> an entire day time(NULL) will produce only 86400 different values,
> which has 17 bits total. The actual entropy of those bits is still
> damned low.
>
> Lastly, RAND_add expects the last arg to be the expected entropy of
> your system. Now here you've done a fairly accurate assessment in
> saying that even though an unsigned long is 32 bits the amount of
> entropy being supplied by your unsigned long (initialized from
> time(NULL) ) is low (you said 0 bytes).
>
> Try getting a better source of random data and then use RAND_add
> with a non-zero final value, where that value accurately defines
> how much randomness you expect in the data.
>
> You might want to read the RAND_add man page.
>
> --
> Brian Hatch                  "Don't give
>    Systems and                away the homeworld."
>    Security Engineer
> http://www.ifokr.org/bri/
>
> Every message PGP signed
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
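
Added example (not part of the original messages and not OpenSSL code): RAND_seed() credits every byte it is given as full entropy, so the loop in the message ends even though rand(), in a program that never calls srand(), yields the same bytes on every run. The sketch below contrasts that with reading seed material from the OS; the /dev/urandom path, SEED_LEN and all function names are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SEED_LEN 32   /* bytes of seed material (256 bits); assumed size */

/* Pattern from the message: seed bytes taken from rand(). srand(1) models a
 * program that never calls srand(), which C defines as the same sequence. */
static void weak_seed(unsigned char *out, size_t len)
{
    size_t i;
    srand(1);
    for (i = 0; i < len; i++)
        out[i] = (unsigned char)(rand() & 0xff);
}

/* Fill out[] from the OS entropy device; 0 on success, -1 on any shortfall. */
static int os_seed(const char *path, unsigned char *out, size_t len)
{
    size_t got = 0, n;
    FILE *f = fopen(path, "rb");
    if (f == NULL)
        return -1;
    setvbuf(f, NULL, _IONBF, 0);          /* read only what is asked for */
    while (got < len && (n = fread(out + got, 1, len - got, f)) > 0)
        got += n;
    fclose(f);
    return got == len ? 0 : -1;           /* caller must not seed on -1 */
}

/* 1 if two independently gathered seeds are byte-identical, 0 if they
 * differ, -1 if the OS source failed. path == NULL selects weak_seed(). */
int seeds_repeat(const char *path)
{
    unsigned char a[SEED_LEN], b[SEED_LEN];
    if (path == NULL) {
        weak_seed(a, sizeof a);
        weak_seed(b, sizeof b);
    } else if (os_seed(path, a, sizeof a) || os_seed(path, b, sizeof b)) {
        return -1;
    }
    return memcmp(a, b, SEED_LEN) == 0;
}

int main(void)
{
    printf("rand()-derived seed repeats:  %d\n", seeds_repeat(NULL));
    printf("/dev/urandom seed repeats:    %d\n", seeds_repeat("/dev/urandom"));
    return 0;
}
```

With OpenSSL linked in, a buffer filled by a successful os_seed() call would be handed to RAND_add(buf, SEED_LEN, SEED_LEN), followed by a RAND_status() check.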