Hello all,
I am an OpenSSL newbie (I compiled 0.9.6 on last monday only) and first
want to congratulate the development team :)
It worked all well under NT with VC5 with a static build - no dll.
After having searched hardly in the documentation, I am beginning to use
the correct PEM_ macros and I have got a problem with the PRNG seeding.
Actually, I use DSA keys and want to sign a text. Doc says
(EVP_SignInit()) the RNG must be seeded. The problem is that I always
get the "-randomness from PROV_RSA_FULL" message although Openssl.exe (I
run under 2000 server) does not display it.
It is annoying since it seems that there is no real randomness with
"-randomness from PROV_RSA_FULL" (I saw that by calling a display
callback function in a "dsaparam like" call : I always get the same
"+*..." display in the same order !).
I would like my program to behave like openssl.exe, so I copied all init
code from openssl.c, dsaparam.c, app_rand.c and made calls in the same
order (see program source code below).
Alas !
I always this "-randomness from PROV_RSA_FULL" ! Could someone help me ?
Thanks in advance
Best regards
Patrice
PS: this program runs under Windows and uses loadkeys.c from
demos/maurice (a bit modified to use PEM_ macros instead of ANS1_ ones).
PS2: the call to EVP_Sign is not present since the RNG is not well
seeded at this time.
PS3: here is what is displayed :
Loading 'screen' into random state -randomness from PROV_RSA_FULL
Exiting RAND_poll
done
randomness from PROV_RSA_FULL
Exiting RAND_poll
---- PUBLIC key ----
pub:
...
*- begin of test5.cpp -*
#include <stdio.h>
#include <string.h>
#include <openssl/evp.h>
#include <openssl/conf.h>
#include <openssl/err.h>
#include <openssl/x509.h>
#include <openssl/rand.h>
#include "loadkeys.h"
// taken from openssl.c
BIO *bio_err=NULL;
LHASH *config=NULL;
char *default_config_file=NULL;
// end from openssl.c
// taken from app_rand.c
int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
{
int consider_randfile = (file == NULL);
char buffer[200];
#ifdef WINDOWS
BIO_printf(bio_e,"Loading 'screen' into random state -");
BIO_flush(bio_e);
RAND_screen();
BIO_printf(bio_e," done\n");
#endif
if (file == NULL)
file = RAND_file_name(buffer, sizeof buffer);
else if (RAND_egd(file) > 0)
{
/* we try if the given filename is an EGD socket.
if it is, we don't write anything back to the file.
*/
// egdsocket = 1;
return 1;
}
if (file == NULL || !RAND_load_file(file, -1))
{
if (RAND_status() == 0 && !dont_warn)
{
BIO_printf(bio_e,"unable to load 'random
state'\n");
BIO_printf(bio_e,"This means that the random
number generator has not been seeded\n");
BIO_printf(bio_e,"with much random data.\n");
if (consider_randfile) /* explanation does not
apply when a file is explicitly named */
{
BIO_printf(bio_e,"Consider setting the
RANDFILE environment variable to point at a file that\n");
BIO_printf(bio_e,"'random' data can be
kept in (the file will be overwritten).\n");
}
}
return 0;
}
// seeded = 1;
return 1;
}
// end of app_rand.c
int main (int argc, char* argv[])
{
EVP_PKEY *pubkey = NULL;
EVP_PKEY *privkey = NULL;
// taken from openssl.c
char *p;
char config_name[256];
CRYPTO_malloc_init();
OpenSSL_add_all_algorithms();
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
/* Lets load up our environment a little */
p=getenv("OPENSSL_CONF");
if (p == NULL)
p=getenv("SSLEAY_CONF");
if (p == NULL)
{
strcpy(config_name,X509_get_default_cert_area());
strcat(config_name,"/");
strcat(config_name,OPENSSL_CONF);
p=config_name;
}
default_config_file=p;
config=CONF_load(config,p,NULL);
// end from openssl.c
// taken from dsaparam.c
ERR_load_crypto_strings();
app_RAND_load_file(NULL, bio_err, 1);
// end from dsaparam.c
pubkey = ReadPublicKey("pub.pem");
privkey = ReadPrivateKey("priv.pem");
if ( pubkey != NULL)
{
printf("---- PUBLIC key ----\n");
DSA_print_fp(stdout,EVP_PKEY_get1_DSA(pubkey),0);
EVP_PKEY_free(pubkey);
}
if ( privkey != NULL)
{
printf("---- PRIVATE key ----\n");
DSA_print_fp(stdout,EVP_PKEY_get1_DSA(privkey),0);
EVP_PKEY_free(privkey);
}
// now we want to sign
// ARG ! Unable to correctly init PRNG !
return 0;
}
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
