Hi,
I am making an application that makes SSL connections. The problem is
that my application will run in a chrooted environment, and will not be
able to access /dev/urandom, but I have a function available which can
read random values from a TRNG. I would like to know if my approach to
the random initialization is correct. I just write a file with 1024
bytes of random data, call RAND_load_file passing that file, and delete
the file.
#define TMP_RAND_FILENAME "/tmp/aaa"
#define RANDOM_DATA_LEN 1024
static int seed_prng(void)
{
unsigned char trng_buff[RANDOM_DATA_LEN];
{
unsigned short count = 0;
while(count < RANDOM_DATA_LEN)
{
if(trng_read((unsigned int *)(trng_buff + count))!=0)
return -1;
count += sizeof(unsigned int);
}
}
{
int fd;
fd = open(TMP_RAND_FILENAME, O_CREAT | O_TRUNC | O_WRONLY,
S_IRUSR | S_IWUSR);
if(fd < 0)
return -1;
if(write(fd, trng_buff, RANDOM_DATA_LEN) != RANDOM_DATA_LEN)
{
close(fd);
return -1;
}
close(fd);
}
if(RAND_load_file(TMP_RAND_FILENAME, RANDOM_DATA_LEN) <= 0)
return -1;
unlink(TMP_RAND_FILENAME);
return 0;
}
Thanks in advance.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
