Re: "PRNG_NOT_SEEDED", Even after calling RAND_add() in client

2003-03-18 Thread Brian Hatch


> Thanks for your response.
> Here is how I use RAND_seed in my client:
> 
>  while (RAND_status() == 0) {
>      int rnd = rand();
>      RAND_seed(&rnd, sizeof(rnd));
>  }

Ungh.

Now you're seeding your random number generator with... a
random number generator.  And I bet you never called srand()
which is needed to seed it, which means you're always getting
the same random numbers.  And if you did seed it, did you seed
it with something random?  And even if you did, it's no use,
because there are only (unsigned int) possible seeds to srand,
so there are only that many possible random strings you could
be getting so you can only be seeding the OpenSSL PRNG with
that many possible inputs.  You're still way low on entropy.

From "man rand":


   DESCRIPTION
   The   rand()  function  returns  a  pseudo-random  integer
   between 0 and RAND_MAX.

   The srand() function sets its argument as the seed  for  a
   new  sequence  of pseudo-random integers to be returned by
   rand().  These sequences are repeatable by calling srand()
   with the same seed value.

   If no seed value is provided, the rand() function is
   automatically seeded with a value of 1.
...


So I'd *SERIOUSLY* consider some better random sources.

> Now Serverhello and certificate is accepted but when
> the client tries to generate a RSA key, the control
> does not seem to be coming out of while (*p == '\0')
> in rsa_pk1.c (code below) as buffer is all initialized
> to '\0'. I don't see any data in p being filled when
> RAND_bytes(p,j) is called.

So your code tries to make j bytes of non \0 chars in p,
yes?  Seems to work for me, actually.  I just copy/pasted
it and slapped a for loop to print at the end and it
worked fine.



--
Brian Hatch                  C:\WINDOWS
   Systems and               C:\WINDOWS\GO
   Security Engineer         C:\PC\CRAWL
http://www.ifokr.org/bri/

Every message PGP signed




Re: "PRNG_NOT_SEEDED", Even after calling RAND_add() in client

2003-03-18 Thread rajagopalan ramanujam
hi brian,

Thanks for your response.
Here is how I use RAND_seed in my client:

 while (RAND_status() == 0) {
     int rnd = rand();
     RAND_seed(&rnd, sizeof(rnd));
 }

Now Serverhello and certificate is accepted but when
the client tries to generate a RSA key, the control
does not seem to be coming out of while (*p == '\0')
in rsa_pk1.c (code below) as buffer is all initialized
to '\0'. I don't see any data in p being filled when
RAND_bytes(p,j) is called.

REL openssl-0.9.7

Can anyone help me please!!

ssl3_send_client_key_exchange(SSL *s)
RSA_public_encrypt(..)

if (RAND_bytes(p,j) <= 0)
return(0);
for (i=0; i wrote:
> 
> 
> > I get a PRNG_NOT_SEEDED error even after I call
> > RAND_add() function. I am calling the function at the
> > beginning before SSL initialization.
> 
> ...
> 
> >   unsigned long Time=time(NULL);
> > 
> >   RAND_add(&Time,sizeof(Time),0);
> 
> You should call RAND_status which returns true/false to tell you
> if you have enough entropy.  Your code is bad for several reasons:
> 
> 
>   Assuming an unsigned long is 4 bytes on your system, you're adding
>   32 bits of entropy, which is very very low.  (You'd want to give at
>   least 40 bits to properly use 40 bit crypto, etc.)
>   
>   Secondly, time(NULL) is not providing 32 full bits of entropy.  In
>   an entire day time(NULL) will produce only 86400 different values,
>   which has 17 bits total.  The actual entropy of those bits is still
>   damned low.
>   
>   Lastly, RAND_add expects the last arg to be the expected entropy of
>   your system.  Now here you've done a fairly accurate assessment in
>   saying that even though an unsigned long is 32 bits the amount of
>   entropy being supplied by your unsigned long (initialized from
>   time(NULL) ) is low (you said 0 bytes).
> 
> Try getting a better source of random data and then use RAND_add
> with a non-zero final value, where that value accurately defines
> how much randomness you expect in the data.
> 
> You might want to read the RAND_add man page.
> 
> --
> Brian Hatch                  "Don't give
>    Systems and                away the homeworld."
>    Security Engineer
> http://www.ifokr.org/bri/
> 
> Every message PGP signed
> 



Re: "PRNG_NOT_SEEDED", Even after calling RAND_add() in client

2003-03-17 Thread Brian Hatch


> I get a PRNG_NOT_SEEDED error even after I call
> RAND_add() function. I am calling the function at the
> beginning before SSL initialization.

...

>   unsigned long Time=time(NULL);
> 
>   RAND_add(&Time,sizeof(Time),0);

You should call RAND_status which returns true/false to tell you
if you have enough entropy.  Your code is bad for several reasons:


  Assuming an unsigned long is 4 bytes on your system, you're adding
  32 bits of entropy, which is very very low.  (You'd want to give at
  least 40 bits to properly use 40 bit crypto, etc.)
  
  Secondly, time(NULL) is not providing 32 full bits of entropy.  In
  an entire day time(NULL) will produce only 86400 different values,
  which has 17 bits total.  The actual entropy of those bits is still
  damned low.
  
  Lastly, RAND_add expects the last arg to be the expected entropy of
  your system.  Now here you've done a fairly accurate assessment in
  saying that even though an unsigned long is 32 bits the amount of
  entropy being supplied by your unsigned long (initialized from
  time(NULL) ) is low (you said 0 bytes).

Try getting a better source of random data and then use RAND_add
with a non-zero final value, where that value accurately defines
how much randomness you expect in the data.

You might want to read the RAND_add man page.

--
Brian Hatch                  "Don't give
   Systems and                away the homeworld."
   Security Engineer
http://www.ifokr.org/bri/

Every message PGP signed
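
Added example (not part of the thread, and not OpenSSL's own code): it shows why the rand() loop from the 2003-03-18 message feeds the PRNG identical bytes on every start, and one way to follow the 2003-03-17 advice of using a better source with a non-zero RAND_add estimate. Assumptions: /dev/urandom exists on the platform, the function names and the 32-byte buffer are illustrative, and USE_OPENSSL is a hypothetical build macro (cc -DUSE_OPENSSL file.c -lcrypto) so the block also compiles with libc alone.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef USE_OPENSSL
#include <openssl/rand.h>
#endif

/* Seed material the quoted loop hands to RAND_seed(), for two simulated
 * process starts; srand(1) models never calling srand(). 1 = identical. */
int weak_seed_repeats(void)
{
    int run[2][8];
    for (int r = 0; r < 2; r++) {
        srand(1);
        for (int i = 0; i < 8; i++)
            run[r][i] = rand();
    }
    return memcmp(run[0], run[1], sizeof run[0]) == 0;
}

/* Fill buf from /dev/urandom (assumed present); 0 on success, -1 on failure. */
int read_kernel_entropy(unsigned char *buf, size_t len)
{
    size_t got = 0;
    int fd = open("/dev/urandom", O_RDONLY);
    while (fd >= 0 && got < len) {
        ssize_t r = read(fd, buf + got, len - got);
        if (r > 0)
            got += (size_t)r;         /* short reads are normal: keep going */
        else if (r == 0 || errno != EINTR)
            break;                    /* EOF or a real error: give up */
    }
    if (fd >= 0) close(fd);
    return got == len ? 0 : -1;
}

/* Returns 1 once the PRNG holds 32 kernel-sourced bytes, 0 otherwise. */
int seed_prng(void)
{
    unsigned char buf[32];
    if (read_kernel_entropy(buf, sizeof buf) != 0)
        return 0;                     /* never fall back to rand()/time() */
#ifdef USE_OPENSSL
    RAND_add(buf, (int)sizeof buf, (double)sizeof buf); /* estimate in bytes */
    if (RAND_status() != 1) return 0;
#endif
    return 1;
}
```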

