Hi all,
In version 1.8 (2000/01/16) of rand_lib.c someone introduced
RAND_pseudo_bytes and afterwards replaced RAND_bytes with
RAND_pseudo_bytes, e.g. in s23_clnt.c:ssl23_client_hello (1.14,
2000/01/21). The return value of RAND_pseudo_bytes was not checked.
Later someone started to check the return value and abort in case of <= 0
(s23_clnt.c, 1.26, 2005/04/29).
The problem with this new error checking is that RAND_pseudo_bytes
clears a PRNG_NOT_SEEDED error it gets from RAND_bytes. An application
using e.g. SSL_connect has no chance to determine why SSL_connect failed
(no error in the SSL error queue, but an error occurred due to an
unseeded PRNG in ssl23_client_hello).
Wouldn't it be better to replace RAND_pseudo_bytes in
s23_clnt.c:ssl23_client_hello (and all other occurrences where the
result is checked for <= 0) with RAND_bytes?
Then we have a clear error indication, and it is made clear that we need
strong random data (as RFC 2246 also says about random_bytes in the
client_hello message).
thanks for your help
andrea
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
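As an added illustration of the diagnostic gap described in the post (this is not code from OpenSSL or from the poster): a small C model with a one-slot error queue, where rand_bytes_model, rand_pseudo_bytes_model, client_hello_model, ssl_connect_model and the reason code 0x64 are constructed stand-ins for the real functions and for RAND_R_PRNG_NOT_SEEDED. It shows that a caller that aborts on <= 0 is left with an empty error queue when the wrapper wipes the reason, and keeps the reason when RAND_bytes is called directly.

```c
#include <stdio.h>
#include <string.h>

/* Constructed reason code for this model, not OpenSSL's real value. */
#define PRNG_NOT_SEEDED 0x64UL

/* One-slot model of the libcrypto error queue. */
static unsigned long err_queue = 0;
static void err_put(unsigned long reason) { err_queue = reason; }
static void err_clear(void) { err_queue = 0; }
unsigned long last_error_reason(void) { return err_queue; } /* peek, no pop */

/* Model of RAND_bytes on an unseeded PRNG: fail and record why. */
static int rand_bytes_model(unsigned char *buf, int num, int seeded) {
    if (!seeded) { err_put(PRNG_NOT_SEEDED); return 0; }
    memset(buf, 0x42, (size_t)num);   /* constructed stand-in output */
    return 1;
}

/* Model of the behaviour the post complains about: RAND_pseudo_bytes
 * forwards the failure but wipes the recorded reason before returning. */
static int rand_pseudo_bytes_model(unsigned char *buf, int num, int seeded) {
    int rc = rand_bytes_model(buf, num, seeded);
    if (rc <= 0) err_clear();
    return rc;
}

/* Caller shaped like ssl23_client_hello after the 2005 change: it aborts
 * on <= 0; use_pseudo selects which generator fills client_random. */
int client_hello_model(int use_pseudo, int seeded) {
    unsigned char client_random[32];
    int rc = use_pseudo ? rand_pseudo_bytes_model(client_random, 32, seeded)
                        : rand_bytes_model(client_random, 32, seeded);
    return rc <= 0 ? 0 : 1;
}

/* Application-level wrapper shaped like SSL_connect: clear stale errors
 * first (sound practice with the real error queue too), then run the hello. */
int ssl_connect_model(int use_pseudo, int seeded) {
    err_clear();
    return client_hello_model(use_pseudo, seeded);
}

int main(void) {
    int ok = ssl_connect_model(1, 0);
    printf("pseudo, unseeded: ok=%d reason=0x%lx\n", ok, last_error_reason());
    ok = ssl_connect_model(0, 0);
    printf("bytes,  unseeded: ok=%d reason=0x%lx\n", ok, last_error_reason());
    return 0;
}
```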