On Mon, Dec 12, 2016 at 3:53 PM, Jeffrey Walton wrote:
> > So what is the correct way, 1 or 2?
> >
> > 1)
> >
> > RAND_poll()
> > /* RAND_bytes is unnecessary */
> > /* RAND_add is unnecessary */
> >
> > 2)
> >
> > RAND_poll()
> > RAND_bytes(buf, 128);
> > /* RAND_add is unnecessary */
>
> On Win
> So what is the correct way, 1 or 2?
>
> 1)
>
> RAND_poll()
> /* RAND_bytes is unnecessary */
> /* RAND_add is unnecessary */
>
> 2)
>
> RAND_poll()
> RAND_bytes(buf, 128);
> /* RAND_add is unnecessary */
On Windows, you call CryptGenRandom to obtain your seed for the
OpenSSL PRNG. On Linux, you
Seed the RNG, via RAND_poll. When or if you need random bytes, call
RAND_bytes. If you just need crypto keys, call the appropriate keygen API.
Done.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
On Mon, Dec 12, 2016 at 3:33 PM, silvioprog wrote:
[...]
> So what is the correct way, 1 or 2?
>
*"which is ..."
--
Silvio Clécio
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
On Mon, Dec 12, 2016 at 3:28 PM, Salz, Rich wrote:
> > > You fed RAND_bytes output back into RAND_add? That's silly.
> > Yes. Is it unnecessary? My steps are:
>
> It is a bad idea. It is pointless. Don't do it.
So what is the correct way, 1 or 2?
1)
RAND_poll()
/* RAND_bytes is unnecessary
> > You fed RAND_bytes output back into RAND_add? That's silly.
> Yes. Is it unnecessary? My steps are:
It is a bad idea. It is pointless. Don't do it.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
On Mon, Dec 12, 2016 at 3:04 PM, Salz, Rich wrote:
> > "In short, I just replaced the RAND_screen() call to the RAND_poll(),
> generated a random buffer using RAND_bytes() (based on
> https://wiki.openssl.org/index.php/Random_Numbers#Software) seeding it
> via RAND_add()"
>
> You fed RAND_bytes o
> "In short, I just replaced the RAND_screen() call to the RAND_poll(),
> generated a random buffer using RAND_bytes() (based on
> https://wiki.openssl.org/index.php/Random_Numbers#Software) seeding it via
> RAND_add()"
You fed RAND_bytes output back into RAND_add? That's silly.
--
openssl-us
Oops,
I meant:
"In short, I just replaced the RAND_screen() call to the RAND_poll(),
generated a random buffer using RAND_bytes() (based on
https://wiki.openssl.org/index.php/Random_Numbers#Software) seeding it via
RAND_add()"
On Mon, Dec 12, 2016 at 2:46 PM, silvioprog wrote:
[...]
> In short
Finally I think I solved this problem! :-)
This is the patch I'm going to send to the `ssl_openssl_lib` authors:
http://pastebin.com/VgSpnwxB .
In short, I just removed the RAND_screen() call, generated a random buffer
using RAND_bytes() (based on
https://wiki.openssl.org/index.php/Random_Numbers
Thanks for sharing the links, I'm going to check them.
The original code call RAND_screen() only once in the app initialization,
so can I replace it by RAND_add()? (I'm newbie on SSL)
I've noticed the application is just a HTTP client consuming some web
services via HTTPS. It doesn't call explici
Thanks for replying!
I found two libraries at application's directory: libeay32.dll and
ssleay32.dll, both with file version 0.9.8.14 and product version 0.9.8n.
I totally agree about properly initializing the random number generator,
however I don't know how to do that yet. That code I'm using i
> I'm trying to speed up the initialization of a legacy HTTP client
> application. Debugging that code, I found the following functions being
> called each application startup:
>
> initialization
> SSL_library_init()
> SSL_load_error_strings()
> OpenSSL_add_all_algorithms()
> RAND
What version of openssl are you using? Current versions do not call
RAND_screen or other long-term heap-walking on Windows.
You absolutely *must* properly initialize the random number generator. If you
fail to do that, attackers can guess the keys that you use. You will be
providing only the
Hello all,
I'm trying to speed up the initialization of a legacy HTTP client
application. Debugging that code, I found the following functions being
called each application startup:
initialization
SSL_library_init()
SSL_load_error_strings()
OpenSSL_add_all_algorithms()
RAND_scre
15 matches
Mail list logo