Hi Brian,

Thanks for your response. Here is how I use RAND_seed in my client:

    while (RAND_status() == 0)
    {
        int rnd = rand();
        RAND_seed(&rnd, sizeof(rnd));
    }

Now the ServerHello and certificate are accepted, but when the client tries to generate an RSA key, the control does not seem to be coming out of the while (*p == '\0') loop in rsa_pk1.c (code below), as the buffer is all initialized to '\0'. I don't see any data in p being filled when RAND_bytes(p,j) is called.

REL openssl-0.9.7

Can anyone help me please!!

ssl3_send_client_key_exchange(SSL *s)
RSA_public_encrypt(..)

    if (RAND_bytes(p,j) <= 0)
        return(0);
    for (i=0; i<j; i++)
    {
        if (*p == '\0')
            do {
                if (RAND_bytes(p,1) <= 0)
                    return(0);
            } while (*p == '\0');
        p++;
    }
    *(p++)='\0';

--- Brian Hatch <[EMAIL PROTECTED]> wrote:
> > I get a PRNG_NOT_SEEDED error even after I call
> > RAND_add() function. I am calling the function at the
> > beginning before SSL initialization.
>
> ...
>
> > unsigned long Time=time(NULL);
> >
> > RAND_add(&Time,sizeof(Time),0);
>
> You should call RAND_status which returns true/false to tell you
> if you have enough entropy. Your code is bad for several reasons:
>
>   Assuming an unsigned long is 4 bytes on your system, you're adding
>   32 bits of entropy, which is very very low. (You'd want to give at
>   least 40 bits to properly use 40 bit crypto, etc.)
>
>   Secondly, time(NULL) is not providing 32 full bits of entropy. In
>   an entire day time(NULL) will produce only 86400 different values,
>   which has 17 bits total. The actual entropy of those bits is still
>   damned low.
>
>   Lastly, RAND_add expects the last arg to be the expected entropy of
>   your system. Now here you've done a fairly accurate assessment in
>   saying that even though an unsigned long is 32 bits the amount of
>   entropy being supplied by your unsigned long (initialized from
>   time(NULL) ) is low (you said 0 bytes).
>
> Try getting a better source of random data and then use RAND_add
> with a non-zero final value, where that value accurately defines
> how much randomness you expect in the data.
>
> You might want to read the RAND_add man page.
>
> --
> Brian Hatch                  "Don't give
>    Systems and                away the homeworld."
>    Security Engineer
> http://www.ifokr.org/bri/
>
> Every message PGP signed

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
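
Added example, not part of the thread and not OpenSSL code: it checks the two numbers in the discussion above (the 17-bit bound on a day of time(NULL) values, and the fact that rand() replays the same sequence for the same seed) and reads a 32-byte seed from the kernel RNG with a read loop that handles short reads. The function names and the USE_OPENSSL macro are hypothetical; it assumes a system with /dev/urandom.

```c
/* Added example. Build: cc seed_check.c (add -DUSE_OPENSSL -lcrypto to feed OpenSSL). */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#ifdef USE_OPENSSL
#include <openssl/rand.h>
#endif

/* Upper bound in bits on the entropy of one value drawn from n possibilities. */
unsigned bits_needed(unsigned long n)
{
    unsigned bits = 0;
    while (bits < 8 * sizeof(n) && (1UL << bits) < n)
        bits++;
    return bits;
}
/* Same seed, same rand() output; unseeded rand() acts as if srand(1) was called. */
int rand_repeats(void)
{
    srand(1); int a = rand();
    srand(1); int b = rand();
    return a == b;
}
/* Fill buf from the kernel RNG (assumes /dev/urandom exists); 0 on success. */
int read_os_entropy(unsigned char *buf, size_t len)
{
    size_t got = 0;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n > 0) got += (size_t)n;
        else if (n < 0 && errno == EINTR) continue;
        else break; /* EOF or hard error */
    }
    close(fd);
    return got == len ? 0 : -1;
}
int main(void)
{
    unsigned char seed[32];
    printf("time(NULL) over a day: <= %u bits; rand() repeats: %d\n", bits_needed(86400UL), rand_repeats());
    if (read_os_entropy(seed, sizeof seed) != 0) return 1;
#ifdef USE_OPENSSL
    RAND_add(seed, (int)sizeof seed, (double)sizeof seed); /* estimate is in bytes */
    printf("RAND_status() = %d\n", RAND_status());
#endif
    return 0;
}
```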