Thank you so much. Your message cleared up a problem I wrestled with for
some time. Once you pointed me in the right direction, I found everything
in the manpages, and it all fell into context (I have to admit to being a
little thick from time to time :).
Anyway, this is what I did:
unsigned char entropy[4096];
/* I know the name may not be appropriate, and the array a little big, but
* I will likely drop this to 2050 bytes later, and the name, well . . .
*/
/* Then I call the SSL_load_error_strings() and OpenSSL_add_all_algorithms()
 * routines, and create my context. Then, . . .
 */
RAND_bytes(entropy, 4000);
RAND_seed(entropy, 3000);
/* just giving myself some room until the code is working */
And everything works. I will drop the size of the random string, and
tighten the overhead to try to speed things up.
A final question, though: Is it necessary to re-seed the PRNG from time
to time, or is this really strong enough to just hit it once?
Thanks again, Richard.
Lou
Richard Levitte - VMS Whacker wrote:
> From: Louis LeBlanc <[EMAIL PROTECTED]>
>
> leblanc> The project involved an https load generator - primarily used
> leblanc> for correctness testing of another project. I had the worst
> leblanc> time getting the initial handshake to work. The dreaded
> leblanc> 'PRNG not seeded' message kept plaguing me. Finally I did
> leblanc> about a hundred searches on the openssl-users list archives
> leblanc> (no, it isn't in the FAQ),
>
> Yes, it *is*, and has been since the start of the FAQ, which was about
> 5 days before 0.9.5 was released... You can look for yourself in the
> CVSweb, at http://www.openssl.org/source/cvs/FAQ.
>
> leblanc> and found that 0.9.5 and later have some problem seeding the
> leblanc> handshake values if /dev/urandom does not exist (like on
> leblanc> Solaris 2.7). The entries I found said that the current
> leblanc> snapshots should fix it (and yes, it is a bug).
>
> No, it's a feature (according to the rule that a bug that is
> documented is really a feature :-)).
>
> Seriously, 0.9.4 carries a much more serious bug, and it's that if
> there is no /dev/urandom, OpenSSL has an entropy pool that has been
> seeded with the current PID, the current uid and the current time,
> which equals no entropy from a security point of view. Therefore, it
> was decided some time before the release of 0.9.5 that unless there is
> at least 128 bits of entropy, the PRNG would refuse to give out any
> randomness.
>
> So again, from a serious security point of view, this is not a bug,
> it's a feature. And remember that OpenSSL deals with exactly that:
> security.
>
> It's therefore up to the application to add the random seed as it sees
> fit, until the demand for enough entropy has been met. The functions
> RAND_seed(), RAND_add() and RAND_status() are there for you, man.
> Also RAND_egd() if you use EGD.
>
> It can be argued that OpenSSL could try to build entropy by forking
> and running all kinds of programs and use their output as entropy
> (this is what EGD does for you, should you decide to use it).
> However, the crypto library of OpenSSL might be used in an application
> that runs as root, so you can guess what kind of security hole we
> would leave open to the world if we did that.
>
> Also, I would stop using 0.9.4 if I were you, at least if you're the
> least bit concerned by security, since that version didn't check the
> amount of entropy that went into the pool, and therefore gave really
> bad randomness unless there was a /dev/urandom...
>
> Note that for Solaris 2.6, there is a Sunski package in patch 105710-01
> that adds a /dev/random device. However, since /dev/random is usually
> a blocking device, it is possible that libcrypto will just hang,
> waiting for more data... I guess I'll have to check that out at work.
>
> --
> Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
> Chairman@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
> Redakteur@Stacken \ SWEDEN \ or +46-709-50 36 10
> Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
> Member of the OpenSSL development team: http://www.openssl.org/
> Software Engineer, Celo Communications: http://www.celocom.com/
>
> Unsolicited commercial email is subject to an archival fee of $400.
> See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]