> You have RSA support, but you can't use it because you don't seed the
> PRNG.

Gotcha. I was just cooking OpenSSL to get the crypto support, so I can't
profess I understood at all what was going on, and since OpenSSH wasn't
calling any sort of useful error routines, I never saw the error message
that would have caused me to put 2 and 2 together and point toward the
conspicuous FAQ entry. Revising the little test proggy to read:

    #include <stdio.h>
    #include <openssl/rsa.h>
    #include <openssl/bn.h>
    #include <openssl/err.h>
    #include <openssl/rand.h>

    static const char rnd_seed[] =
        "string to make the random number generator thin"; /* rest of the literal was cut off in the post */

    int main(void) {
        RSA *key;

        /* Seeding call left commented out to reproduce the failure. */
        // RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */
        key = RSA_generate_key(32, 3, NULL, NULL);
        if (key == NULL) {
            printf("NO RSA!\n\n");
            /* Load the error strings so the queued error prints as text. */
            ERR_load_crypto_strings();
            ERR_print_errors_fp(stdout);
        }
        else
            printf("RSA OK!\n");
        return(0);
    }

Leaving the RAND_seed() function commented out, as above, causes the test to
fail, as it should, and it does return the correct error. Removing the
comments gets "RSA OK!".
Guess this one goes back to openssh-dev...
Thanks for the help!
-David Hesprich
--
David G. Hesprich, CISSP
Technical Solutions Consultant
Sprint Enterprise Network Services
Numeric Pager:800-724-3329 PIN 382-8387