Hi Thomas, [...@openssl.org email corrected]

Looking at the latest SRP patch [1], I noticed the use of RAND_bytes: lines 5047 and 5222. Bytes acquired at 5047 are subsequently used in a call to generate B's key pair, while the call at 5222 is later used for A's key pair generation.

According to the OpenSSL documentation on RAND_bytes [2], RAND_bytes returns 1 on success, 0 otherwise. But it appears the current implementation does not detect a possible failure, which might get a user into trouble under [presumably] a narrowly limited set of circumstances.

I understand the documentation is not always up to date (the dev team is usually busy doing what they do best - developing), so I might be wrong on the whole return value/failure thing.

OT: I look forward to seeing SRP incorporated into OpenSSL (both RFC 2945 and RFC 5054). They are both very helpful when needed.

Jeffrey Walton

[1] http://rt.openssl.org/Ticket/Attachment/25682/12416/srp-openssl-20100208-patch.txt
[2] RAND_bytes, http://www.openssl.org/docs/crypto/RAND_bytes.html
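
The fail-closed check the message asks for, as an added example (not code from the SRP patch or from OpenSSL). The names `rand_fn`, `srp_fill_private`, `rng_ok` and `rng_fail` are hypothetical; the generator is passed as a function pointer with the RAND_bytes contract quoted above so the failure path can be run without OpenSSL, and in OpenSSL code the pointer would be RAND_bytes itself.

```c
#include <stdio.h>
#include <string.h>

/* Contract the message cites for RAND_bytes: 1 on success, 0 otherwise. */
typedef int (*rand_fn)(unsigned char *buf, int num);

/* Constructed stubs (NOT random) so both paths run without OpenSSL. */
static int rng_ok(unsigned char *buf, int num) {
    for (int i = 0; i < num; i++) buf[i] = (unsigned char)(i + 1);
    return 1;
}
static int rng_fail(unsigned char *buf, int num) {
    (void)buf; (void)num;          /* buffer left as it was */
    return 0;
}

/* Zeroing loop through a volatile pointer so it is not optimised out. */
static void wipe(unsigned char *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

static int all_zero(const unsigned char *p, size_t n) {
    unsigned char acc = 0;
    while (n--) acc |= *p++;
    return acc == 0;
}

/* Hypothetical helper: obtain the bytes for an SRP ephemeral private value.
 * Returns 1 on success. On failure returns 0 and zeroes the buffer, so
 * stale or uninitialised memory can never be turned into a key pair. */
int srp_fill_private(rand_fn rng, unsigned char *secret, int len) {
    if (rng == NULL || secret == NULL || len <= 0)
        return 0;
    if (rng(secret, len) != 1) {   /* anything but 1 is a failure */
        wipe(secret, (size_t)len);
        return 0;
    }
    return 1;
}

int main(void) {
    unsigned char b[32];
    memset(b, 0xAA, sizeof b);     /* simulate leftover stack contents */
    printf("ok path:   %d\n", srp_fill_private(rng_ok, b, (int)sizeof b));
    memset(b, 0xAA, sizeof b);
    int r = srp_fill_private(rng_fail, b, (int)sizeof b);
    printf("fail path: %d, buffer zeroed: %d\n", r, all_zero(b, sizeof b));
    return r == 0 ? 0 : 1;
}
```

The caller must stop the key pair generation when the helper returns 0 rather than continue with the zeroed buffer.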