Re: [openssl-users] Doubt about OpenSSL library initialization in an HTTP client application
On Mon, Dec 12, 2016 at 3:53 PM, Jeffrey Walton wrote:

> > So what is the correct way, 1 or 2?
> >
> > 1)
> >
> > RAND_poll()
> > /* RAND_bytes is unnecessary */
> > /* RAND_add is unnecessary */
> >
> > 2)
> >
> > RAND_poll()
> > RAND_bytes(buf, 128);
> > /* RAND_add is unnecessary */
>
> On Windows, you call CryptGenRandom to obtain your seed for the
> OpenSSL PRNG. On Linux, you use one of the random devices, like
> /dev/srandom, /dev/random, or /dev/urandom.
>
> Windows Phone and Windows Store apps add a twist, like requiring calls
> to BCryptGenRandom. There's no way to write portable code when you
> factor in Windows Phone and Windows Store. It will be a #define mess.
>
> Jeff

Perfect! So I just need to call RAND_poll(), because it already seems to choose those funcs above. :-)

https://github.com/openssl/openssl/blob/master/crypto/rand/rand_win.c#L49
https://github.com/openssl/openssl/blob/master/crypto/rand/rand_unix.c#L161

Thanks a lot dude!

--
Silvio Clécio
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Doubt about OpenSSL library initialization in an HTTP client application
> So what is the correct way, 1 or 2?
>
> 1)
>
> RAND_poll()
> /* RAND_bytes is unnecessary */
> /* RAND_add is unnecessary */
>
> 2)
>
> RAND_poll()
> RAND_bytes(buf, 128);
> /* RAND_add is unnecessary */

On Windows, you call CryptGenRandom to obtain your seed for the OpenSSL PRNG. On Linux, you use one of the random devices, like /dev/srandom, /dev/random, or /dev/urandom.

Windows Phone and Windows Store apps add a twist, like requiring calls to BCryptGenRandom. There's no way to write portable code when you factor in Windows Phone and Windows Store. It will be a #define mess.

Jeff
Re: [openssl-users] Doubt about OpenSSL library initialization in an HTTP client application
Seed the RNG, via RAND_poll. When or if you need random bytes, call RAND_bytes. If you just need crypto keys, call the appropriate keygen API. Done.
Re: [openssl-users] Doubt about OpenSSL library initialization in an HTTP client application
On Mon, Dec 12, 2016 at 3:33 PM, silvioprog wrote:
[...]

> So what is the correct way, 1 or 2?

*"which is ..."

--
Silvio Clécio
Re: [openssl-users] Doubt about OpenSSL library initialization in an HTTP client application
On Mon, Dec 12, 2016 at 3:28 PM, Salz, Rich wrote:

> > > You fed RAND_bytes output back into RAND_add? That's silly.
> > Yes. Is it unnecessary? My steps are:
>
> It is a bad idea. It is pointless. Don't do it.

So what is the correct way, 1 or 2?

1)

RAND_poll()
/* RAND_bytes is unnecessary */
/* RAND_add is unnecessary */

2)

RAND_poll()
RAND_bytes(buf, 128);
/* RAND_add is unnecessary */

:-S

--
Silvio Clécio
Re: [openssl-users] Doubt about OpenSSL library initialization in an HTTP client application
> > You fed RAND_bytes output back into RAND_add? That's silly.
> Yes. Is it unnecessary? My steps are:

It is a bad idea. It is pointless. Don't do it.
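Why adding a generator's own output back into it gains nothing, shown with a toy deterministic generator as an added illustration (not part of the thread and not OpenSSL code). toy_bytes and toy_add are hypothetical stand-ins for RAND_bytes and RAND_add; the start state 42 and the sample seed bytes are constructed.

```c
/* Added illustration: a toy deterministic generator, NOT OpenSSL's RAND code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
typedef struct { uint64_t state; } toy_rng;

/* One splitmix64 step: the output is a pure function of the current state. */
static uint64_t toy_next(toy_rng *g) {
    uint64_t z = (g->state += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

/* Stand-in for RAND_bytes(): fill buf from the generator. */
static void toy_bytes(toy_rng *g, unsigned char *buf, size_t n) {
    for (size_t i = 0; i < n; i++) buf[i] = (unsigned char)(toy_next(g) & 0xff);
}

/* Stand-in for RAND_add(): mix caller-supplied bytes into the state. */
static void toy_add(toy_rng *g, const unsigned char *buf, size_t n) {
    for (size_t i = 0; i < n; i++) g->state = (g->state ^ buf[i]) * 0x100000001B3ULL;
}

/* The steps from the thread: draw 128 bytes, add them back, then make a key. */
static void self_feed_then_key(toy_rng *g, unsigned char key[16]) {
    unsigned char buf[128];
    toy_bytes(g, buf, sizeof buf);
    toy_add(g, buf, sizeof buf);
    toy_bytes(g, key, 16);
}

/* Returns 1 if someone starting from state `guess` derives the same key as a
 * process that started from `start` and mixed in `ext` (ext_len may be 0). */
int same_key(uint64_t start, const unsigned char *ext, size_t ext_len, uint64_t guess) {
    toy_rng v = { start }, a = { guess };
    unsigned char kv[16], ka[16];
    if (ext_len) toy_add(&v, ext, ext_len);   /* outside input the guesser lacks */
    self_feed_then_key(&v, kv);
    self_feed_then_key(&a, ka);
    return memcmp(kv, ka, sizeof kv) == 0;
}

int main(void) {
    const unsigned char ext[] = { 0xde, 0xad, 0xbe, 0xef };   /* constructed sample */
    printf("self-feed only: same key = %d\n", same_key(42, NULL, 0, 42));
    printf("outside seed:   same key = %d\n", same_key(42, ext, sizeof ext, 42));
    return 0;
}
```

The self-feed step changes the state, but only to a value anyone who knows the starting state can recompute; only input from outside the generator breaks that.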
Re: [openssl-users] Doubt about OpenSSL library initialization in an HTTP client application
On Mon, Dec 12, 2016 at 3:04 PM, Salz, Rich wrote:

> > "In short, I just replaced the RAND_screen() call to the RAND_poll(),
> > generated a random buffer using RAND_bytes() (based on
> > https://wiki.openssl.org/index.php/Random_Numbers#Software) seeding it
> > via RAND_add()"
>
> You fed RAND_bytes output back into RAND_add? That's silly.

Yes. Is it unnecessary? My steps are:

... - RAND_scree() + RAND_poll() + RAND_bytes(buf, 128); + RAND_add(buf, length(buf), length(buf)); ...

(I noticed I sent the wrong patch; the correct one declares the RAND_bytes func ^^' )

--
Silvio Clécio
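Review bot: in the added lines, `RAND_add(buf, length(buf), length(buf))` mixes the bytes that `RAND_bytes(buf, 128)` just produced back into the same generator and passes the full buffer length as the entropy estimate, so the pool is credited with entropy that never came from outside it. Keep only `+ RAND_poll()` and drop the `RAND_bytes`/`RAND_add` pair. Also check the return value of `RAND_poll()` (1 on success) so that a failed seed does not go unnoticed at startup.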
Re: [openssl-users] Doubt about OpenSSL library initialization in an HTTP client application
> "In short, I just replaced the RAND_screen() call to the RAND_poll(),
> generated a random buffer using RAND_bytes() (based on
> https://wiki.openssl.org/index.php/Random_Numbers#Software) seeding it via
> RAND_add()"

You fed RAND_bytes output back into RAND_add? That's silly.
Re: [openssl-users] Doubt about OpenSSL library initialization in an HTTP client application
Oops, I meant:

"In short, I just replaced the RAND_screen() call to the RAND_poll(), generated a random buffer using RAND_bytes() (based on https://wiki.openssl.org/index.php/Random_Numbers#Software) seeding it via RAND_add()"

On Mon, Dec 12, 2016 at 2:46 PM, silvioprog wrote:
[...]

> In short, I just removed the RAND_screen() call, generated a random buffer
> using RAND_bytes() (based on
> https://wiki.openssl.org/index.php/Random_Numbers#Software) seeding via
> RAND_add().

--
Silvio Clécio
Re: [openssl-users] Doubt about OpenSSL library initialization in an HTTP client application
Finally I think I solved this problem! :-)

This is the patch I'm going to send to the `ssl_openssl_lib` authors: http://pastebin.com/VgSpnwxB .

In short, I just removed the RAND_screen() call, generated a random buffer using RAND_bytes() (based on https://wiki.openssl.org/index.php/Random_Numbers#Software) seeding via RAND_add().

Thanks a lot for the help, dudes! :-)

On Sun, Dec 4, 2016 at 12:01 AM, silvioprog wrote:

> Thanks for sharing the links, I'm going to check them.
>
> The original code calls RAND_screen() only once in the app initialization,
> so can I replace it by RAND_add()? (I'm a newbie on SSL)
>
> I've noticed the application is just a HTTP client consuming some web
> services via HTTPS. It doesn't call explicitly any OpenSSL random function,
> so I think it uses the default OpenSSL configurations.
>
> On Sat, Dec 3, 2016 at 3:42 PM, Jeffrey Walton wrote:
> [...]
>
>> Also see https://wiki.openssl.org/index.php/Library_Initialization and
>> https://wiki.openssl.org/index.php/Random_Numbers#Windows_Issues.
>>
>> The short of it is, you should stop relying on auto-initialization of
>> the RNG, and seed it yourself with a call to `RAND_add`.
>>
>> Jeff

--
Silvio Clécio
Re: [openssl-users] Doubt about OpenSSL library initialization in an HTTP client application
Thanks for sharing the links, I'm going to check them.

The original code calls RAND_screen() only once in the app initialization, so can I replace it by RAND_add()? (I'm a newbie on SSL)

I've noticed the application is just a HTTP client consuming some web services via HTTPS. It doesn't call explicitly any OpenSSL random function, so I think it uses the default OpenSSL configurations.

On Sat, Dec 3, 2016 at 3:42 PM, Jeffrey Walton wrote:
[...]

> Also see https://wiki.openssl.org/index.php/Library_Initialization and
> https://wiki.openssl.org/index.php/Random_Numbers#Windows_Issues.
>
> The short of it is, you should stop relying on auto-initialization of
> the RNG, and seed it yourself with a call to `RAND_add`.
>
> Jeff

--
Silvio Clécio
Re: [openssl-users] Doubt about OpenSSL library initialization in an HTTP client application
Thanks for replying!

I found two libraries at application's directory: libeay32.dll and ssleay32.dll, both with file version 0.9.8.14 and product version 0.9.8n.

I totally agree about properly initializing the random number generator, however I don't know how to do that yet. That code I'm using is a third party Pascal binding for the OpenSSL C library, and I've noticed that many other packages were based on that implementation too (eg: https://github.com/graemeg/freepascal/blob/master/packages/openssl/src/openssl.pas#L4442 - it seems based on an old LibOpenSsl version). The application I'm fixing uses the same file as this link above, and I can edit it without problems.

I removed the line RAND_screen and now the application initializes fast, but I'm not sure if it will turn my application vulnerable.

If I get to solve it I will try some patch sharing it to the authors of these bindings.

On Sat, Dec 3, 2016 at 2:34 PM, Salz, Rich wrote:

> What version of openssl are you using? Current versions do not call
> RAND_screen or other long-term heap-walking on Windows.
>
> You absolutely **must** properly initialize the random number generator.
> If you fail to do that, attackers can guess the keys that you use. You
> will be providing only the illusion of security.
>
> Please pass this along to that other app. What it, and you, are doing is
> horrible.
>
> --
> Senior Architect, Akamai Technologies
> Member, OpenSSL Dev Team
> IM: richs...@jabber.at Twitter: RichSalz

--
Silvio Clécio
Re: [openssl-users] Doubt about OpenSSL library initialization in an HTTP client application
> I'm trying to speed up the initialization of a legacy HTTP client
> application. Debugging that code, I found the following functions being
> called each application startup:
>
> initialization
> SSL_library_init()
> SSL_load_error_strings()
> OpenSSL_add_all_algorithms()
> RAND_screen()
>
> however, the execution of RAND_screen() spends about 3 seconds.

Also see https://wiki.openssl.org/index.php/Library_Initialization and https://wiki.openssl.org/index.php/Random_Numbers#Windows_Issues.

The short of it is, you should stop relying on auto-initialization of the RNG, and seed it yourself with a call to `RAND_add`.

Jeff
Re: [openssl-users] Doubt about OpenSSL library initialization in an HTTP client application
What version of openssl are you using? Current versions do not call RAND_screen or other long-term heap-walking on Windows.

You absolutely *must* properly initialize the random number generator. If you fail to do that, attackers can guess the keys that you use. You will be providing only the illusion of security.

Please pass this along to that other app. What it, and you, are doing is horrible.

--
Senior Architect, Akamai Technologies
Member, OpenSSL Dev Team
IM: richs...@jabber.at Twitter: RichSalz