from:"Ray Casterline"

RE: RE: RE: Issue getting enough entropy on Windows NT 4.0 system

2008-10-13 Thread Ray Casterline



The calls you suggest already are in the rand_win.c file.  i.e. we
would be double dipping if we added another set of calls.

Basically, the problem is that with out Workstation Services
running on a WinNT 4.0 box, we lose out on entropy.  Which,
when it comes time to check for ok we end up with 28 and
are looking for at least 32.  Which doesn't fail but later
on we can not set up the pipe.

The other issue is that there is a large block of code that
was targeted for WinNT that is #if 0 compiled out due to
a potential hang.

So, the question becomes.  Why is the big chunk of code #if 0 out,
and should it be put back in or modified for WinNT?

As a side note, I did compile that chunk back in and it ran
with out an issue on my test systemL Windows NT 4.00.1381 (which is
includes SP6)

Thanks Again,
Ray

 Umm, so what's the problem exactly? Did this fail to get entropy from
the
 system? 

 -Original Message-
 From: Ray Casterline 
 Sent: Friday, October 10, 2008 9:37 AM
 To: 'openssl-users@openssl.org'
 Subject: RE: RE: Issue getting enough entropy on Windows NT 4.0 system
 
 
 Thanks for the suggestionb but the RAND_poll function already 
 pulls from the system right after the big #if 0 block as 
 described below in the stetup for the calls.
 
 if (advapi)
 {
 /*
  * If it's available, then it's available in both ANSI
  * and UNICODE flavors even in Win9x, 
 documentation says.
  * We favor Unicode...
  */
 acquire = (CRYPTACQUIRECONTEXTW) 
 GetProcAddress(advapi,
 CryptAcquireContextW);
 gen = (CRYPTGENRANDOM) GetProcAddress(advapi,
 CryptGenRandom);
 release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi,
 CryptReleaseContext);
 }
 
 So, still looking for other suggestions.
 
 I also tried finding an EGD for Win NT 4.0 and the only one 
 that looked promising was EGADS which is no longer available.
 
 Thanks Again for any suggestions,
 Ray
 
 
  Hello,
  Why not grab some entropy from the system entropy provider?
 
  #include wincrypt.h
  bool GetSysEntropy(void *ptr, int len) {  char namebuf[512];  
  HCRYPTPROV handle;  DWORD count=500;
  
   if(!CryptGetDefaultProvider(PROV_RSA_FULL, NULL, 
 CRYPT_MACHINE_DEFAULT,
namebuf, count)) return false;
  
   if(!CryptAcquireContext(handle, NULL, namebuf, PROV_RSA_FULL,
CRYPT_VERIFYCONTEXT|CRYPT_SILENT)) return false;
  
   if(!CrytpGenRandom(handle, len (BYTE *) ptr))  {
CryptReleaseContext(handle, 0);
return false;
   }
  
   CryptReleaseContext(handle, 0);
   return true;
  }
  
  DS
  
   
   The Windows NT 4.0 system has the workstation service stopped.
   
   This causes the following snippet from rand_win.c to return 0
   
 if (netstatget(NULL, LLanmanWorkstation, 0, 0,
   outbuf) == 0)
 {
 RAND_add(outbuf, 
 sizeof(STAT_WORKSTATION_0), 45);
 netfree(outbuf);
 }
   
   Add to this a large section of calls are #if 0 out due to 
 a reported 
   problem by Wolfgang Marczy and there isn't many places 
 this function 
   gets entropy from.
   
   Any suggestions?
 
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: Issue getting enough entropy on Windows NT 4.0 system

2008-10-13 Thread Ray Casterline


The calls you suggest already are in the rand_win.c file.  
i.e. we would be double dipping if we added another set of calls.
 
Basically, the problem is that with out Workstation Services 
running on a WinNT 4.0 box, we lose out on entropy.  Which, 
when it comes time to check for ok we end up with 28 and are 
looking for at least 32.  Which doesn't fail but later on we 
can not set up the pipe.

The other issue is that there is a large block of code that 
was targeted for WinNT that is #if 0 compiled out due to a 
potential hang.

So, the question becomes.  Why is the big chunk of code #if 0 
out, and should it be put back in or modified for WinNT?

As a side note, I did compile that chunk back in and it ran 
with out an issue on my test systemL Windows NT 4.00.1381 
(which is includes SP6)

Thanks Again,
Ray

 Umm, so what's the problem exactly? Did this fail to get 
 entropy from the system?
 
  -Original Message-
  From: Ray Casterline
  Sent: Friday, October 10, 2008 9:37 AM
  To: 'openssl-users@openssl.org'
  Subject: RE: RE: Issue getting enough entropy on Windows NT 
 4.0 system
  
  
  Thanks for the suggestionb but the RAND_poll function already pulls 
  from the system right after the big #if 0 block as 
 described below in 
  the stetup for the calls.
  
  if (advapi)
  {
  /*
   * If it's available, then it's available 
 in both ANSI
   * and UNICODE flavors even in Win9x, documentation 
  says.
   * We favor Unicode...
   */
  acquire = (CRYPTACQUIRECONTEXTW) 
  GetProcAddress(advapi,
  CryptAcquireContextW);
  gen = (CRYPTGENRANDOM) GetProcAddress(advapi,
  CryptGenRandom);
  release = (CRYPTRELEASECONTEXT) 
 GetProcAddress(advapi,
  CryptReleaseContext);
  }
  
  So, still looking for other suggestions.
  
  I also tried finding an EGD for Win NT 4.0 and the only one that 
  looked promising was EGADS which is no longer available.
  
  Thanks Again for any suggestions,
  Ray
  
  
   Hello,
   Why not grab some entropy from the system entropy provider?
  
   #include wincrypt.h
   bool GetSysEntropy(void *ptr, int len) {  char namebuf[512]; 
   HCRYPTPROV handle;  DWORD count=500;
   
if(!CryptGetDefaultProvider(PROV_RSA_FULL, NULL,
  CRYPT_MACHINE_DEFAULT,
 namebuf, count)) return false;
   
if(!CryptAcquireContext(handle, NULL, namebuf, PROV_RSA_FULL,
 CRYPT_VERIFYCONTEXT|CRYPT_SILENT)) return false;
   
if(!CrytpGenRandom(handle, len (BYTE *) ptr))  {
 CryptReleaseContext(handle, 0);
 return false;
}
   
CryptReleaseContext(handle, 0);
return true;
   }
   
 DS
   

The Windows NT 4.0 system has the workstation service stopped.

This causes the following snippet from rand_win.c to return 0

if (netstatget(NULL, LLanmanWorkstation, 0, 0,
outbuf) == 0)
{
RAND_add(outbuf,
  sizeof(STAT_WORKSTATION_0), 45);
netfree(outbuf);
}

Add to this a large section of calls are #if 0 out due to
  a reported
problem by Wolfgang Marczy and there isn't many places
  this function
gets entropy from.

Any suggestions?
  
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Issue getting enough entropy on Windows NT 4.0 system

2008-10-10 Thread Ray Casterline


Hello,

The Windows NT 4.0 system has the workstation service stopped.

This causes the following snippet from rand_win.c to return 0

if (netstatget(NULL, LLanmanWorkstation, 0, 0,
outbuf) == 0)
{
RAND_add(outbuf, sizeof(STAT_WORKSTATION_0),
45);
netfree(outbuf);
}

Add to this a large section of calls are #if 0 out due to a reported
problem
by Wolfgang Marczy and there isn't many places this function gets
entropy
from.

Any suggestions?

Thanks,
Ray Casterline
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: RE: Issue getting enough entropy on Windows NT 4.0 system

2008-10-10 Thread Ray Casterline


Thanks for the suggestionb but the RAND_poll function already
pulls from the system right after the big #if 0 block as described
below in the stetup for the calls.

if (advapi)
{
/*
 * If it's available, then it's available in both ANSI
 * and UNICODE flavors even in Win9x, documentation
says.
 * We favor Unicode...
 */
acquire = (CRYPTACQUIRECONTEXTW) GetProcAddress(advapi,
CryptAcquireContextW);
gen = (CRYPTGENRANDOM) GetProcAddress(advapi,
CryptGenRandom);
release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi,
CryptReleaseContext);
}

So, still looking for other suggestions.

I also tried finding an EGD for Win NT 4.0 and the only one that looked
promising was EGADS which is no longer available.

Thanks Again for any suggestions,
Ray


 Hello,
 Why not grab some entropy from the system entropy provider?

 #include wincrypt.h
 bool GetSysEntropy(void *ptr, int len)
 {
  char namebuf[512];
  HCRYPTPROV handle;
  DWORD count=500;
 
  if(!CryptGetDefaultProvider(PROV_RSA_FULL, NULL,
CRYPT_MACHINE_DEFAULT,
   namebuf, count)) return false;
 
  if(!CryptAcquireContext(handle, NULL, namebuf, PROV_RSA_FULL,
   CRYPT_VERIFYCONTEXT|CRYPT_SILENT)) return false;
 
  if(!CrytpGenRandom(handle, len (BYTE *) ptr))
  {
   CryptReleaseContext(handle, 0);
   return false;
  }
 
  CryptReleaseContext(handle, 0);
  return true;
 }
 
   DS
 
  
  The Windows NT 4.0 system has the workstation service stopped.
  
  This causes the following snippet from rand_win.c to return 0
  
  if (netstatget(NULL, LLanmanWorkstation, 0, 0,
  outbuf) == 0)
  {
  RAND_add(outbuf, sizeof(STAT_WORKSTATION_0),
  45);
  netfree(outbuf);
  }
  
  Add to this a large section of calls are #if 0 out due to a reported
  problem
  by Wolfgang Marczy and there isn't many places this function gets
  entropy
  from.
  
  Any suggestions?
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

RE: RE: RE: Issue getting enough entropy on Windows NT 4.0 system

RE: Issue getting enough entropy on Windows NT 4.0 system

Issue getting enough entropy on Windows NT 4.0 system

RE: RE: Issue getting enough entropy on Windows NT 4.0 system

4 matches

Site Navigation

Mail list logo

Footer information