How initialize the PRNG using RAND_seed ?
Hello: I need to initialize the PRNG to be able to generate keys and perform public key encryption. I want to use one of these functions:
void RAND_seed(const void *buf, int num);
void RAND_add(const void *buf, int num, double entropy);
But I don't know what parameters I have to use. Can somebody send me an example of how to use these functions? Thanks a lot. Regards.
__ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: How initialize the PRNG using RAND_seed ?
Angel Martinez Gonzalez wrote:
> Hello: I need to initialize the PRNG to be able to generate keys and perform public key encryption. I want to use one of these functions: void RAND_seed(const void *buf, int num); void RAND_add(const void *buf, int num, double entropy); But I don't know what parameters I have to use. Can somebody send me an example of how to use these functions?
See http://www.openssl.org/docs/crypto/RAND_add.html
You usually use RAND_seed with a buffer of good random data. Hope it helps, Ted ;)
-- PGP Public Key Information Download complete Key from http://www.convey.de/ted/tedkey_convey.asc Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26
Re: How initialize the PRNG using RAND_seed ?
Hello: Thanks for your help, but I don't know what buffer and num I must use. How can I generate this buffer of random data? And num is the entropy, but what is it? How do I obtain this entropy? I use Windows. Thanks. Regards.
----- Original Message ----- From: Bernhard Froehlich [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Thursday, June 23, 2005 10:17 AM Subject: Re: How initialize the PRNG using RAND_seed ?
> Angel Martinez Gonzalez wrote:
> > Hello: I need to initialize the PRNG to be able to generate keys and perform public key encryption. I want to use one of these functions: void RAND_seed(const void *buf, int num); void RAND_add(const void *buf, int num, double entropy); But I don't know what parameters I have to use. Can somebody send me an example of how to use these functions?
> See http://www.openssl.org/docs/crypto/RAND_add.html
> You usually use RAND_seed with a buffer of good random data. Hope it helps, Ted ;)
> -- PGP Public Key Information Download complete Key from http://www.convey.de/ted/tedkey_convey.asc Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26
RE: How initialize the PRNG using RAND_seed ?
Just use FreeBSD 5.X as your operating system; the random device on it has been completely rewritten to be self-seeding with high quality random numbers. It harvests from a number of interrupts and if you don't turn those on it uses the Yarrow PRNG code. And it also uses the hardware random generator in the VIA C3 Nehemiah (stepping 3 or greater) CPU if your motherboard has one of those CPUs. The PRNG is already ready to go when the system boots so you don't have to muck with any of those openssl seeding commands.
Ted
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Angel Martinez Gonzalez Sent: Thursday, June 23, 2005 1:26 AM To: openssl-users@openssl.org Subject: Re: How initialize the PRNG using RAND_seed ?
> Hello: Thanks for your help, but I don't know what buffer and num I must use. How can I generate this buffer of random data? And num is the entropy, but what is it? How do I obtain this entropy? I use Windows. Thanks. Regards.
> ----- Original Message ----- From: Bernhard Froehlich [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Thursday, June 23, 2005 10:17 AM Subject: Re: How initialize the PRNG using RAND_seed ?
> > Angel Martinez Gonzalez wrote:
> > > Hello: I need to initialize the PRNG to be able to generate keys and perform public key encryption. I want to use one of these functions: void RAND_seed(const void *buf, int num); void RAND_add(const void *buf, int num, double entropy); But I don't know what parameters I have to use. Can somebody send me an example of how to use these functions?
> > See http://www.openssl.org/docs/crypto/RAND_add.html
> > You usually use RAND_seed with a buffer of good random data. Hope it helps, Ted ;)
> > -- PGP Public Key Information Download complete Key from http://www.convey.de/ted/tedkey_convey.asc Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26
Re: How initialize the PRNG using RAND_seed ?
Angel Martinez Gonzalez wrote:
> Hello: Thanks for your help, but I don't know what buffer and num I must use.
Buffer is a memory pointer. Usually something you allocated (in C by calling malloc) and filled with data. If you don't know how to do that I'd urgently advise a basic course in C programming (or C++ or Pascal or Visual Basic or whatever). num is the number of bytes contained in that buffer. You could also use RAND_load_file (http://www.openssl.org/docs/crypto/RAND_load_file.html) to load the data from a file.
> How can I generate this buffer of random data? And num is the entropy, but what is it? How do I obtain this entropy?
That's the question which is considerably more tricky. Possible sources are timers (GetTickCount()) or user interaction. But it is really hard to get significant amounts of entropy without operating system support.
> I use Windows.
There is a long way between Windows 2.0 and Windows Server 2003... ;) If you are using reasonably current versions of Windows (like 2000 or XP) the PRNG should be seeded automatically using MS Crypto API. You could check if the PRNG is seeded sufficiently by calling RAND_status. I once again recommend thorough reading of http://www.openssl.org/docs/crypto/RAND_add.html.
> Thanks. Regards.
Ted
BTW, do you know the acronym RTFM? ;)
Problem with Self-Signed certificate and wpa_supplicant
Hello All. I've been trying to set up WPA security on my network. As such, I have been generating my own root and server certificate, and signing my client certificates with said root certificate. However, for some reason, whenever I try to use the certificates with wpa_supplicant, I get the following errors:
TLS: Certificate verification failed, error 18 (self signed certificate) depth 0 for '/C=CA/O=Radialink/CN=RADIUS'
SSL: (where=0x4008 ret=0x230)
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
SSL: (where=0x1002 ret=0x)
SSL: SSL_connect:error in SSLv3 read server certificate B
SSL: SSL_connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
whenever I try to authenticate. I am reasonably certain there is no problem with my FreeRADIUS configuration; however, I suspect there might be a problem with my root certificate based on this error. Is anybody able to shed any light on this for me? Thanks, Phil.
Full output from wpa_supplicant:
Generating a lot of randomness...
I have to generate quite a few random keys (and iv's) during a day. It comes out to about 1 million keys (16 bytes each) and 1 million iv's (16 bytes each). I tried using /dev/random and /dev/urandom but in one case it blocks too much of the time and in the other seems to run pretty slow. I tried using EGAD et al to no avail. So I decided to take a different approach. I am hoping to hear from others how they might have solved the problem. I thought I would take a hash of the message and, using it as the salt, call EVP_BytesToKey. I was wondering what others think of this solution.
Chuck Wegrzyn Open Intent, Inc.
Re: Generating a lot of randomness...
Date: Thu, 23 Jun 2005 12:22:30 -0400 From: C Wegrzyn [EMAIL PROTECTED]
> I have to generate quite a few random keys (and iv's) during a day. It comes out to about 1 million keys (16 bytes each) and 1 million iv's (16 bytes each). I tried using /dev/random and /dev/urandom but in one case it blocks too much of the time and in the other seems to run pretty slow. I tried using EGAD et al to no avail. So I decided to take a different approach. I am hoping to hear from others how they might have solved the problem. I thought I would take a hash of the message and, using it as the salt, call EVP_BytesToKey. I was wondering what others think of this solution.
I've seen this approach:
Use the hardware random number generator HRNG to seed a pseudorandom number generator PSRG.
Use PSRG to generate random numbers.
Each n random numbers, reseed PSRG from HRNG.
-- Ken Goldman [EMAIL PROTECTED] 914-784-7646
Trouble building 0.9.7g on Solaris 2.8
Hello, I tried posting to this list prior to subscribing but haven't had any responses. Sorry if this is redundant, but I'm stuck trying to build 0.9.7g which is holding up the re-compilation of several dependent packages. I'm running into the following internal error when running make on 0.9.7g (solaris-sparcv7-gcc /w gcc 3.3.1) and would appreciate any assistance / clues / pointers.
HMAC_CTX_set_flags dgst.o
ld: fatal: Symbol referencing errors. No output written to openssl
collect2: ld returned 1 exit status
make[1]: *** [openssl] Error 1
Regards, -forrestf
Data truncated at the end of session
I have an application using OpenSSL that suffers from data truncation at the end of session. This application is an FTPS client. I check it using FileZilla FTPS server. What happens is that most of the time, the files are transferred truncated at the end. The received file is truncated at exactly the 4KB boundary nearest to the true end of file. This happens only on large files (more than 2MB). I'm using asynchronous socket on Win-XP/PRO/SP2. Any idea?
-- [EMAIL PROTECTED] The author for the freeware multi-tier middleware MidWare The author of the freeware Internet Component Suite (ICS) http://www.overbyte.be
Re: Generating a lot of randomness...
I can't add anything beyond what is available on an AMD or Intel motherboard. So is there a built-in HRNG that I can get to (if so, where is the driver for it)? Thanks again, Chuck Wegrzyn
Ken Goldman wrote:
> Date: Thu, 23 Jun 2005 12:22:30 -0400 From: C Wegrzyn [EMAIL PROTECTED]
> > I have to generate quite a few random keys (and iv's) during a day. It comes out to about 1 million keys (16 bytes each) and 1 million iv's (16 bytes each). I tried using /dev/random and /dev/urandom but in one case it blocks too much of the time and in the other seems to run pretty slow. I tried using EGAD et al to no avail. So I decided to take a different approach. I am hoping to hear from others how they might have solved the problem. I thought I would take a hash of the message and, using it as the salt, call EVP_BytesToKey. I was wondering what others think of this solution.
> I've seen this approach: Use the hardware random number generator HRNG to seed a pseudorandom number generator PSRG. Use PSRG to generate random numbers. Each n random numbers, reseed PSRG from HRNG.
Reducing size of the OpenSSL library
Hi All, I was trying to reduce the size of the OpenSSL library due to memory constraints on our platform. I tried to remove three patented ciphers: idea, rc5 and mdc2. Any ideas what more can be done to reduce the final size of the library? Thanks and regards, -Krish
Re: Reducing size of the OpenSSL library
On Thu, 23 Jun 2005 11:11:18 -0700 (PDT), Krishna M Singh [EMAIL PROTECTED] said:
> Hi All, I was trying to reduce the size of the OpenSSL library due to memory constraints on our platform. I tried to remove three patented ciphers: idea, rc5 and mdc2. Any ideas what more can be done to reduce the final size of the library?
If you're not already using this switch you might give it a try:
-Os Optimize for size. -Os enables all -O2 optimizations that do not typically increase code size. It also performs further optimizations designed to reduce code size. -Os disables the following optimization flags: -falign-functions -falign-jumps -falign-loops -falign-labels -freorder-blocks -fprefetch-loop-arrays
Wren
RE: Generating a lot of randomness...
> I can't add anything beyond what is available on an AMD or Intel motherboard. So is there a built-in HRNG that I can get to (if so, where is the driver for it)?
Use /dev/urandom to seed your own PRNG. Or use it to seed OpenSSL's PRNG. Why are you asking on this list anyway? Did you try OpenSSL's PRNG and find it insufficient?
DS
Re: Generating a lot of randomness...
Generating one or two random numbers over a period of time isn't a big deal. Generating 100,000+ 128 bit random numbers an hour taxes /dev/random and /dev/urandom. Even the use of EGAD doesn't help. If you re-read the thread you will see that I wrote what I thought was a reasonable approach and am looking for concrete criticism of it or other ways.
C
David Schwartz wrote:
> > I can't add anything beyond what is available on an AMD or Intel motherboard. So is there a built-in HRNG that I can get to (if so, where is the driver for it)?
> Use /dev/urandom to seed your own PRNG. Or use it to seed OpenSSL's PRNG. Why are you asking on this list anyway? Did you try OpenSSL's PRNG and find it insufficient?
> DS
Re: Trouble building 0.9.7g on Solaris 2.8
Anyone, bueller? If I'm lacking a clue here can someone please give me one? If I'm up the creek without a paddle and need to stick with 0.9.7e then can someone tell me that? Has anyone encountered this error, and if so is there a reasonable fix? I can't move to the beta because I have too many production applications tied into openssl, so I need a fix for 0.9.7g, or I need to stick with 0.9.7e until 0.8.x is available. Comments, suggestions, pointers very much appreciated. Thank you. Sorry for the spam. Final post. -forrestf
Forrest Foster wrote:
> Hello, I tried posting to this list prior to subscribing but haven't had any responses. Sorry if this is redundant, but I'm stuck trying to build 0.9.7g which is holding up the re-compilation of several dependent packages. I'm running into the following internal error when running make on 0.9.7g (solaris-sparcv7-gcc /w gcc 3.3.1) and would appreciate any assistance / clues / pointers.
> HMAC_CTX_set_flags dgst.o
> ld: fatal: Symbol referencing errors. No output written to openssl
> collect2: ld returned 1 exit status
> make[1]: *** [openssl] Error 1
> Regards, -forrestf
RE: Generating a lot of randomness...
> Generating one or two random numbers over a period of time isn't a big deal. Generating 100,000+ 128 bit random numbers an hour taxes /dev/random and /dev/urandom. Even the use of EGAD doesn't help.
Right.
> If you re-read the thread you will see that I wrote what I thought was a reasonable approach and am looking for concrete criticism of it or other ways.
But why not the obvious approach -- using OpenSSL's RNG?
DS
Release delayed a few days...
Hi all, Due to a number of last minute reports, the final release of OpenSSL 0.9.8 is delayed a few days to give the affected people a chance to test that the corrections done do fix things as expected. So please, if you have sent in a report about something failing with one of the 0.9.8 betas, grab a snapshot (tomorrow's, i.e. openssl-0.9.8-stable-SNAP-20050624.tar.gz or later) and try it, to confirm that we fixed your problem and didn't create new ones. And if anyone else wants to run a test, just to see that we didn't break anything on your platform, please do so. In all cases, please tell us how it went, so we know. Same channel as before. I plan to do the final release on Sunday (26th) or Monday (27th) evening, Swedish time, so time is of the essence. Thanks, Richard
- Please consider sponsoring my work on free software. See http://www.free.lp.se/sponsoring.html for details.
-- Richard Levitte [EMAIL PROTECTED] http://richard.levitte.org/ When I became a man I put away childish things, including the fear of childishness and the desire to be very grown up. -- C.S. Lewis
Re: Generating a lot of randomness...
I see things for adding entropy, loading files, etc. I don't see anything about generating random numbers. Am I missing something so obvious if it was a snake it would have bitten me by now?
Chuck Wegrzyn
David Schwartz wrote:
> > Generating one or two random numbers over a period of time isn't a big deal. Generating 100,000+ 128 bit random numbers an hour taxes /dev/random and /dev/urandom. Even the use of EGAD doesn't help.
> Right.
> > If you re-read the thread you will see that I wrote what I thought was a reasonable approach and am looking for concrete criticism of it or other ways.
> But why not the obvious approach -- using OpenSSL's RNG?
> DS
Re: Generating a lot of randomness...
C Wegrzyn wrote:
> I have to generate quite a few random keys (and iv's) during a day. It comes out to about 1 million keys (16 bytes each) and 1 million iv's (16 bytes each). I tried using /dev/random and /dev/urandom but in one case it blocks too much of the time and in the other seems to run pretty slow. I tried using EGAD et al to no avail. So I decided to take a different approach. I am hoping to hear from others how they might have solved the problem. I thought I would take a hash of the message and, using it as the salt, call EVP_BytesToKey. I was wondering what others think of this solution.
I would say that qualifies as close to the definition of bad from a cryptographic standpoint. ;-) Use /dev/random to seed Yarrow, or another PRNG, if you need a lot of random material. Don't make it a function of anything that isn't a nonce.
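The seed, generate, reseed-every-n scheme suggested in the replies above (Ken Goldman's outline and the advice to seed "Yarrow, or another PRNG"), as an added example that is not code from any post or from OpenSSL. A small ChaCha20-based generator stands in for the PRNG; in a program linked against OpenSSL that role belongs to the library's own generator (`RAND_bytes`). The names `prng_t`, `prng_key_iv`, `fixed_entropy`, `failing_entropy` and the interval of 4096 are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SEED_LEN        32    /* bytes taken from the entropy source per (re)seed */
#define RESEED_INTERVAL 4096  /* the "n" of the scheme; illustrative value */

typedef int (*entropy_fn)(unsigned char *buf, size_t len);  /* returns 0 on success */

typedef struct {
    uint32_t      key[8];              /* secret generator state */
    entropy_fn    entropy;             /* where seed material comes from */
    unsigned long outputs_since_seed;
    unsigned long reseeds;             /* number of reads from the source so far */
} prng_t;

#define ROTL(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
#define QR(a, b, c, d) do {              \
        a += b; d ^= a; d = ROTL(d, 16); \
        c += d; b ^= c; b = ROTL(b, 12); \
        a += b; d ^= a; d = ROTL(d, 8);  \
        c += d; b ^= c; b = ROTL(b, 7);  \
    } while (0)

/* ChaCha20 block, counter and nonce zero: safe only because the key changes every call. */
static void chacha20_block(const uint32_t key[8], uint32_t out[16])
{
    uint32_t in[16] = {0x61707865, 0x3320646e, 0x79622d32, 0x6b206574};
    uint32_t x[16];
    memcpy(in + 4, key, 32);
    memcpy(x, in, sizeof x);
    for (int i = 0; i < 10; i++) {               /* 10 double rounds */
        QR(x[0], x[4], x[8],  x[12]); QR(x[1], x[5], x[9],  x[13]);
        QR(x[2], x[6], x[10], x[14]); QR(x[3], x[7], x[11], x[15]);
        QR(x[0], x[5], x[10], x[15]); QR(x[1], x[6], x[11], x[12]);
        QR(x[2], x[7], x[8],  x[13]); QR(x[3], x[4], x[9],  x[14]);
    }
    for (int i = 0; i < 16; i++) out[i] = x[i] + in[i];
}

/* Real source: the kernel CSPRNG. Unbuffered so that exactly len bytes are read. */
int os_entropy(unsigned char *buf, size_t len)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    setvbuf(f, NULL, _IONBF, 0);
    size_t got = fread(buf, 1, len, f);
    fclose(f);
    return got == len ? 0 : -1;
}

/* Constructed sources that only exercise the logic; never use them for real keys. */
int fixed_entropy(unsigned char *buf, size_t len) { memset(buf, 0x42, len); return 0; }
int failing_entropy(unsigned char *buf, size_t len) { (void)buf; (void)len; return -1; }

/* Mix fresh seed material into the state; the old state is kept, not replaced. */
int prng_reseed(prng_t *g)
{
    unsigned char seed[SEED_LEN];
    uint32_t w[8];
    if (g->entropy(seed, sizeof seed) != 0) return -1;
    memcpy(w, seed, sizeof w);
    for (int i = 0; i < 8; i++) g->key[i] ^= w[i];
    g->outputs_since_seed = 0;
    g->reseeds++;
    return 0;
}

int prng_init(prng_t *g, entropy_fn src)
{
    memset(g, 0, sizeof *g);
    g->entropy = src;
    return prng_reseed(g);            /* fails closed: no seed, no generator */
}

/* One 16-byte key and one 16-byte IV per call, the unit the thread asks for. */
int prng_key_iv(prng_t *g, unsigned char key[16], unsigned char iv[16])
{
    uint32_t block[16];
    if (g->outputs_since_seed >= RESEED_INTERVAL && prng_reseed(g) != 0)
        return -1;                    /* fail closed rather than run past the interval */
    chacha20_block(g->key, block);
    memcpy(g->key, block, 32);        /* ratchet: the key that made this output is gone */
    memcpy(key, block + 8, 16);
    memcpy(iv, block + 12, 16);
    g->outputs_since_seed++;
    return 0;
}

int main(void)
{
    prng_t g;
    unsigned char key[16], iv[16];
    if (prng_init(&g, os_entropy) != 0) { fprintf(stderr, "no entropy source\n"); return 1; }
    for (long i = 0; i < 1000000; i++)            /* the daily volume from the thread */
        if (prng_key_iv(&g, key, iv) != 0) return 1;
    printf("1000000 key/IV pairs from %lu reads of %d seed bytes\n", g.reseeds, SEED_LEN);
    return 0;
}
```

With these values the million key/IV pairs in `main` cost 245 reads of 32 bytes from /dev/urandom. Two generators given the same seed produce the same keys, which is why the seed source, not the generator, decides whether the output is unpredictable.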
RE: Generating a lot of randomness...
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of C Wegrzyn Sent: Thursday, June 23, 2005 10:14 AM To: Ken Goldman Cc: openssl-users@openssl.org Subject: Re: Generating a lot of randomness...
> I can't add anything beyond what is available on an AMD or Intel motherboard. So is there a built-in HRNG that I can get to (if so, where is the driver for it)?
What operating system are you using?
Ted
Re: Generating a lot of randomness...
Linux (gentoo variant).
C.
Ted Mittelstaedt wrote:
> -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of C Wegrzyn Sent: Thursday, June 23, 2005 10:14 AM To: Ken Goldman Cc: openssl-users@openssl.org Subject: Re: Generating a lot of randomness...
> > I can't add anything beyond what is available on an AMD or Intel motherboard. So is there a built-in HRNG that I can get to (if so, where is the driver for it)?
> What operating system are you using?
> Ted
Re: Generating a lot of randomness...
This is a few years old, but may be useful. The code illustrates the use of the HMAC variant on ANSI X9.17 key generation as described in the paper, used to generate random byte strings. It uses the hash functions in the OpenSSL libraries. Paper: http://www.tenebras.com/papers/SecureRandom.html Code: http://www.tenebras.com/code/hmac-prng.tar.gz
zero byte header files in latest release.
Hey OpenSSL guru guys! Just downloaded http://www.openssl.org/source/openssl-0.9.7g.tar.gz ALL the header files in openssl-0.9.7g\include\openssl are zero bytes in length!?? Is there something wrong with the distribution or am I doing something stupid? Thanks in advance, Pj.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson Sent: Thursday, 23 June 2005 10:32 AM To: openssl-users@openssl.org Subject: Re: syntax for multiple authorityInfoAccess entries
> On Thu, Jun 23, 2005, Dr. Rodney McDuff wrote:
> > Hi, I'm trying to add multiple caIssuers and OCSP entries to my authorityInfoAccess attribute and I am having some difficulties with getting the right openssl.cnf syntax. I want to add the following (Note LDAP URIs and nasty commas)
> > caIssuers;http://server1.domain/certs/ca-certs.p7b
> > caIssuers;http://server2.domain/certs/ca-certs.p7b
> > caIssuers;ldap://server1.domain/CN=My%20CA,o=ORG,c=AU?crossCertificatePair;binary
> > caIssuers;ldap://server2.domain/CN=My%20CA,o=ORG,c=AU?crossCertificatePair;binary
> > OCSP;http://server1.domain/ocsp
> > OCSP;http://server2.domain/ocsp
> > How is it done?
> To use commas the @section form is mandatory. You also need to keep the LHS unique so something like this should do the trick:
> [EMAIL PROTECTED] ...
> [aia_sect]
> OCSP;URI.1=http://www.some.responder.org/
> OCSP;URI.2=http://www.some.other-responder.org/
> caIssuers;URI.3=http://server.whatever.org/cert-path
> caIssuers;URI.4=ldap://server.whatever.org/xxx,yyy
> Steve.
> -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk
Compilation of openssl-0.9.8-stable-SNAP-20050624 fails on Solaris 2.5.1 x86
# uname -a
SunOS mail2 5.5.1 Generic_103641-42 i86pc i386 i86pc
# gcc -v
Reading specs from /usr/local/lib/gcc-lib/i586-sun-solaris2.5.1/2.95.3/specs
gcc version 2.95.3 20010315 (release)
# Hardware is a Pentium 66. (yes, an original Pentium)
# ./Configure solaris-x86-gcc zlib shared -L/usr/local/lib
Configuring for solaris-x86-gcc
no-gmp [default] OPENSSL_NO_GMP (skip dir)
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5
no-mdc2 [default] OPENSSL_NO_MDC2 (skip dir)
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)
no-zlib-dynamic [default]
IsMK1MF=0
CC=gcc
CFLAG =-fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -fomit-frame-pointer -march=i486 -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
EX_LIBS =-L/usr/local/lib -lsocket -lnsl -ldl -lz
CPUID_OBJ =x86cpuid-elf.o
BN_ASM=bn86-elf.o co86-elf.o
DES_ENC =dx86-elf.o yx86-elf.o
AES_ASM_OBJ =ax86-elf.o
BF_ENC=bx86-elf.o
CAST_ENC =c_enc.o
RC4_ENC =rx86-elf.o
RC5_ENC =r586-elf.o
MD5_OBJ_ASM =mx86-elf.o
SHA1_OBJ_ASM =sx86-elf.o s512sse2-elf.o
RMD160_OBJ_ASM=rm86-elf.o
PROCESSOR =
RANLIB=/usr/ccs/bin/ranlib
ARFLAGS =
PERL =/usr/bin/perl
THIRTY_TWO_BIT mode
DES_PTR used
DES_RISC1 used
DES_UNROLL used
BN_LLONG mode
RC4_INDEX mode
RC4_CHUNK is undefined
created directory `include/openssl'
e_os2.h = include/openssl/e_os2.h
RE: Generating a lot of randomness...
I thought that Linux's random device now supports the HRNG's for Intel, AMD and Via. Here's the docs on the Intel HRNG: http://www.linuxhq.com/kernel/v2.4/3/Documentation/i810_rng.txt
What does menuconfig say? The Linux driver used to be built on the old Theodore Ts'o code, which is not sufficiently random for very high crypto. Maybe your Linux distribution still uses this code?
An overview of the VIA Technologies HRNG is here: http://www.via.com.tw/en/initiatives/padlock/hardware.jsp
FreeBSD 5.x has a driver for this in its /dev/random device.
An overview of the HRNG in the Intel CPU's (P3 and later) is here: http://www.cryptography.com/resources/whitepapers/IntelRNG.pdf
Another very good technique is to use a simple PC cam with the lenscap on. Here's the link: http://www.lavarnd.org/what/index.html
Have fun! Ted
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of C Wegrzyn Sent: Thursday, June 23, 2005 4:14 PM To: openssl-users@openssl.org Cc: Ken Goldman Subject: Re: Generating a lot of randomness...
> Linux (gentoo variant).
> C.
> Ted Mittelstaedt wrote:
> > -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of C Wegrzyn Sent: Thursday, June 23, 2005 10:14 AM To: Ken Goldman Cc: openssl-users@openssl.org Subject: Re: Generating a lot of randomness...
> > > I can't add anything beyond what is available on an AMD or Intel motherboard. So is there a built-in HRNG that I can get to (if so, where is the driver for it)?
> > What operating system are you using?
> > Ted