Re: PRNG_NOT_SEEDED, Even after calling RAND_add() in client

2003-03-18 Thread rajagopalan ramanujam
Hi Brian,

Thanks for your response.
Here is how I use RAND_seed in my client:

  while (RAND_status() == 0) {
      int rnd = rand();
      RAND_seed(&rnd, sizeof(rnd));
  }

Now Serverhello and certificate is accepted but when
the client tries to generate a RSA key, the control
does not seem to be coming out of while (*p == '\0')
in rsa_pk1.c (code below) as buffer is all initialized
to '\0'. I don't see any data in p being filled when
RAND_bytes(p,j) is called.

REL openssl-0.9.7

Can anyone help me please!!

ssl3_send_client_key_exchange(SSL *s)
RSA_public_encrypt(..)

if (RAND_bytes(p,j) <= 0)
    return(0);
for (i=0; i<j; i++)
    {
    if (*p == '\0')
        do  {
            if (RAND_bytes(p,1) <= 0)
                return(0);
            } while (*p == '\0');
    p++;
    }

*(p++)='\0';



--- Brian Hatch [EMAIL PROTECTED] wrote:
> > I get a PRNG_NOT_SEEDED error even after I call
> > RAND_add() function. I am calling the function at the
> > beginning before SSL initialization.
>
> ...
>
> >   unsigned long Time=time(NULL);
> >
> >   RAND_add(&Time,sizeof(Time),0);
>
> You should call RAND_status which returns true/false to tell you
> if you have enough entropy.  Your code is bad for several reasons:
>
>   Assuming an unsigned long is 4 bytes on your system, you're adding
>   32 bits of entropy, which is very very low.  (You'd want to give at
>   least 40 bits to properly use 40 bit crypto, etc.)
>
>   Secondly, time(NULL) is not providing 32 full bits of entropy.  In
>   an entire day time(NULL) will produce only 86400 different values,
>   which has 17 bits total.  The actual entropy of those bits is still
>   damned low.
>
>   Lastly, RAND_add expects the last arg to be the expected entropy of
>   your system.  Now here you've done a fairly accurate assessment in
>   saying that even though an unsigned long is 32 bits the amount of
>   entropy being supplied by your unsigned long (initialized from
>   time(NULL) ) is low (you said 0 bytes).
>
> Try getting a better source of random data and then use RAND_add
> with a non-zero final value, where that value accurately defines
> how much randomness you expect in the data.
>
> You might want to read the RAND_add man page.
>
> --
> Brian Hatch                  Don't give
>    Systems and                away the homeworld.
>    Security Engineer
> http://www.ifokr.org/bri/
>
> Every message PGP signed




__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]


Re: PRNG_NOT_SEEDED, Even after calling RAND_add() in client

2003-03-18 Thread Brian Hatch


> Thanks for your response.
> Here is how I use RAND_seed in my client:
>
>   while (RAND_status() == 0) {
>       int rnd = rand();
>       RAND_seed(&rnd, sizeof(rnd));
>   }

Ungh.

Now you're seeding your random number generator with... a
random number generator.  And I bet you never called srand()
which is needed to seed it, which means you're always getting
the same random numbers.  And if you did seed it, did you seed
it with something random?  And even if you did, it's no use,
because there are only (unsigned int) possible seeds to srand,
so there are only that many possible random strings you could
be getting so you can only be seeding the OpenSSL PRNG with
that many possible inputs.  You're still way low on entropy.

From man rand:


   DESCRIPTION
   The   rand()  function  returns  a  pseudo-random  integer
   between 0 and RAND_MAX.

   The srand() function sets its argument as the seed  for  a
   new  sequence  of pseudo-random integers to be returned by
   rand().  These sequences are repeatable by calling srand()
   with the same seed value.

   If no seed value is provided, the rand() function is
   automatically seeded with a value of 1.
...


So I'd *SERIOUSLY* consider some better random sources.

> Now Serverhello and certificate is accepted but when
> the client tries to generate a RSA key, the control
> does not seem to be coming out of while (*p == '\0')
> in rsa_pk1.c (code below) as buffer is all initialized
> to '\0'. I don't see any data in p being filled when
> RAND_bytes(p,j) is called.

So your code tries to make j bytes of non \0 chars in p,
yes?  Seems to work for me, actually.  I just copy/pasted
it and slapped a for loop to print at the end and it
worked fine.



--
Brian Hatch  C:\WINDOWS
   Systems and   C:\WINDOWS\GO
   Security Engineer C:\PC\CRAWL
http://www.ifokr.org/bri/

Every message PGP signed




PRNG_NOT_SEEDED, Even after calling RAND_add() in client

2003-03-17 Thread rajagopalan ramanujam
Hi,

I get a PRNG_NOT_SEEDED error even after I call
RAND_add() function. I am calling the function at the
beginning before SSL initialization.

Here is my sample client running on embedded board
(ThreadX OS).

void ssl_client (void)
{
  int err;
  int sd;
  struct sockaddr_in sa;
  SSL_CTX* ctx;
  SSL* ssl;
  X509* server_cert;
  char* str;
  SSL_METHOD *meth;
  int theArg,r,success,theStatus;
  fd_set readfds,writefds;
  char c2s[BUFSIZZ],s2c[BUFSIZZ];
  unsigned long Time=time(NULL);

  RAND_add(&Time,sizeof(Time),0);
  SSLeay_add_ssl_algorithms();
  meth = SSLv3_client_method();
  SSL_load_error_strings();
  ctx = SSL_CTX_new (meth); 
  SSL_CTX_set_cipher_list(ctx,ALL);

   .
   .
   .

After the client successfully reads the serverhello,
server done message and calls
ssl3_send_client_key_exchange() I get this error.

Can anyone please help to figure out this issue. I
tried what was mentioned on FAQ.

regards,
raj



Re: PRNG_NOT_SEEDED, Even after calling RAND_add() in client

2003-03-17 Thread Brian Hatch


> I get a PRNG_NOT_SEEDED error even after I call
> RAND_add() function. I am calling the function at the
> beginning before SSL initialization.

...

>   unsigned long Time=time(NULL);
>
>   RAND_add(&Time,sizeof(Time),0);

You should call RAND_status which returns true/false to tell you
if you have enough entropy.  Your code is bad for several reasons:


  Assuming an unsigned long is 4 bytes on your system, you're adding
  32 bits of entropy, which is very very low.  (You'd want to give at
  least 40 bits to properly use 40 bit crypto, etc.)
  
  Secondly, time(NULL) is not providing 32 full bits of entropy.  In
  an entire day time(NULL) will produce only 86400 different values,
  which has 17 bits total.  The actual entropy of those bits is still
  damned low.
  
  Lastly, RAND_add expects the last arg to be the expected entropy of
  your system.  Now here you've done a fairly accurate assessment in
  saying that even though an unsigned long is 32 bits the amount of
  entropy being supplied by your unsigned long (initialized from
  time(NULL) ) is low (you said 0 bytes).

Try getting a better source of random data and then use RAND_add
with a non-zero final value, where that value accurately defines
how much randomness you expect in the data.

You might want to read the RAND_add man page.

--
Brian Hatch                  Don't give
   Systems and                away the homeworld.
   Security Engineer
http://www.ifokr.org/bri/

Every message PGP signed
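
Both replies from Brian Hatch in this thread rest on the same accounting rule, shown here as an added example (not code from the thread or from OpenSSL): data is always mixed in, but only the entropy the caller claims moves the status to "seeded". It is a toy model; `model_pool`, `model_add`, `model_status`, the 32-byte `ENTROPY_NEEDED` threshold and the FNV-1a digest standing in for the real mixing are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#define ENTROPY_NEEDED 32.0  /* assumed "seeded" threshold in bytes (model value) */

struct model_pool {
    uint64_t mix;      /* FNV-1a digest of every byte fed in */
    double credited;   /* sum of the caller's entropy estimates, in bytes */
};

static void model_init(struct model_pool *p) {
    p->mix = 0xcbf29ce484222325ULL;  /* FNV-1a offset basis */
    p->credited = 0.0;
}

/* Models RAND_add(buf, num, entropy): the data is always mixed in, but only
 * the caller's estimate moves the pool towards "seeded". */
static void model_add(struct model_pool *p, const void *buf, size_t num, double entropy) {
    const unsigned char *b = buf;
    for (size_t i = 0; i < num; i++)
        p->mix = (p->mix ^ b[i]) * 0x100000001b3ULL;  /* FNV-1a step */
    p->credited += entropy;
}

/* Models RAND_status(): 1 once enough entropy has been claimed. */
static int model_status(const struct model_pool *p) {
    return p->credited >= ENTROPY_NEEDED;
}

/* The client's loop from the thread. RAND_seed(buf, num) claims num bytes of
 * entropy; srand(1) reproduces rand() in a process that never called srand(). */
static int run_client_loop(struct model_pool *p) {
    int n = 0;
    srand(1);
    while (model_status(p) == 0) {
        int rnd = rand();
        model_add(p, &rnd, sizeof(rnd), (double)sizeof(rnd));
        n++;
    }
    return n;
}

int main(void) {
    struct model_pool a, b;
    model_init(&a); model_init(&b);
    int n = run_client_loop(&a);
    run_client_loop(&b);
    printf("seeded after %d calls; same input every run: %d\n", n, a.mix == b.mix);
    return 0;
}
```

In the model, a timestamp added with an estimate of 0 never changes the status, while the rand() loop passes the status check after a handful of calls even though it feeds the same bytes on every run.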

