Insh_Allah wrote:
> > I suggest the content of the stack on any architecture where there are
> > asynchronous interrupts that will store content in your local stack.
There are architectures where a context switch is made after every interrupt, and
the local stack is not used.
There are architectures where there's no asynchronous interrupt.
Just as a warning.
> > Easy to implement and not so bad if properly done (do not read a value
> > that is set by the preceding function call, do not read a value that is
> > too far to be overwritten by asynchronous interrupts).
>
> Hm, have to think about 'properly doing' this, though.
> I guess something like this should be a reasonable start:
>
> static void RAND_collect_from_stack(void)
> {
> char buffer_to_catch_interrupt_data[256+1];
>
>
I hope I didn't open Pandora's box.
First, I suggest you do not rely _only_ on this.
Add it to all your other randomness sources, do not replace them.
Second, the actual way to test that is to compile your application, set a
breakpoint in that function, and check if the values in
buffer_to_catch_interrupt_data are actually different every time the breakpoint
is hit.
And _retest_ it if you modify your application.
Third, I hope no one ever copies this function blindly, and calls
RAND_collect_from_stack() just after the call to
here_I_use_a_512_byte_table_allocated_in_the_stack_and_initialize_it_to_zero().
The randomness of this is _very_ dependent on what happens before in the
program, and a change in it will change that randomness very easily.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
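
The breakpoint test described in the message can be automated once the buffer contents have been captured at several calls. The following is an added example, not part of the original post or of OpenSSL; compare_snapshots, snap_stats and the sample data are hypothetical names and constructed values, and the snapshots are assumed to have been copied out of buffer_to_catch_interrupt_data beforehand.

```c
#include <stddef.h>
#include <string.h>

#define SNAP_LEN 257 /* same size as buffer_to_catch_interrupt_data[256+1] */

struct snap_stats {
    size_t varying_positions;  /* byte offsets whose value changed at least once */
    size_t distinct_snapshots; /* snapshots not identical to any earlier one */
};

/* Compare n snapshots of the buffer, each captured at a separate call. */
struct snap_stats compare_snapshots(unsigned char snaps[][SNAP_LEN], size_t n)
{
    struct snap_stats st = {0, 0};
    size_t i, j, pos;

    for (pos = 0; pos < SNAP_LEN; pos++) {
        for (i = 1; i < n; i++) {
            if (snaps[i][pos] != snaps[0][pos]) {
                st.varying_positions++;
                break;
            }
        }
    }
    for (i = 0; i < n; i++) {
        int seen = 0;
        for (j = 0; j < i && !seen; j++)
            seen = (memcmp(snaps[i], snaps[j], SNAP_LEN) == 0);
        if (!seen)
            st.distinct_snapshots++;
    }
    return st;
}

/* Constructed data: the failure case from the message, where the caller
   has just zeroed a large stack table, so every capture is all zeros. */
static unsigned char zeroed[3][SNAP_LEN];
/* Constructed data: captures in which only two byte offsets ever change. */
static unsigned char mixed[3][SNAP_LEN];

struct snap_stats demo_zeroed(void) { return compare_snapshots(zeroed, 3); }

struct snap_stats demo_mixed(void)
{
    memset(mixed, 0, sizeof mixed);
    mixed[1][10] = 0x41;
    mixed[2][10] = 0x42;
    mixed[2][200] = 0x07;
    return compare_snapshots(mixed, 3);
}
```

A result of zero varying positions, or only a handful, means the source contributes little or nothing in that build, and the comparison has to be repeated after any change to the calling code.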