Thanks for sharing the links, I'm going to check them.
The original code call RAND_screen() only once in the app initialization,
so can I replace it by RAND_add()? (I'm newbie on SSL)
I've noticed the application is just a HTTP client consuming some web
services via HTTPS. It doesn't call
Thanks for replying!
I found two libraries at application's directory: libeay32.dll and
ssleay32.dll, both with file version 0.9.8.14 and product version 0.9.8n.
I totally agree about properly initializing the random number generator,
however I don't know how to do that yet. That code I'm using
> I'm trying to speed up the initialization of a legacy HTTP client
> application. Debugging that code, I found the following functions being
> called each application startup:
>
> initialization
> SSL_library_init()
> SSL_load_error_strings()
> OpenSSL_add_all_algorithms()
>
What version of openssl are you using? Current versions do not call
RAND_screen or other long-term heap-walking on Windows.
You absolutely *must* properly initialize the random number generator. If you
fail to do that, attackers can guess the keys that you use. You will be
providing only
Hello all,
I'm trying to speed up the initialization of a legacy HTTP client
application. Debugging that code, I found the following functions being
called each application startup:
initialization
SSL_library_init()
SSL_load_error_strings()
OpenSSL_add_all_algorithms()