instead of 'unsigned' counters.
Seed PRNG in MacOS/GetHTTPS.src/GetHTTPS.cpp.
Partially submitted by Yoram Meroz <yoram@mail.idrive.com>.
has a return value which indicates the quality of the random data
(1 = ok, 0 = not seeded). Also an error is recorded on the thread's
error queue. New function RAND_pseudo_bytes() generates output that is
has a return value which indicates the quality of the random data
(1 = ok, 0 = not seeded). Also an error is recorded on the thread's
error queue. New function RAND_pseudo_bytes() generates output that is
- guaranteed to be unique but not unpredictable.
+ guaranteed to be unique but not unpredictable. RAND_add is like
+ RAND_seed, but takes an extra argument for an entropy estimate
+ (RAND_seed always assumes full entropy).
[Ulf Möller]
*) Do more iterations of Rabin-Miller probable prime test (specifically,
[Ulf Möller]
*) Do more iterations of Rabin-Miller probable prime test (specifically,
* Also-- before attempting to compile this, make sure the aliases in "OpenSSL-0.9.4:include:openssl"
* are installed! Use the AppleScript applet in the "openssl-0.9.4" folder to do this!
*/
* Also-- before attempting to compile this, make sure the aliases in "OpenSSL-0.9.4:include:openssl"
* are installed! Use the AppleScript applet in the "openssl-0.9.4" folder to do this!
*/
+/* modified to seed the PRNG */
// Include some funky libs I've developed over time
// Include some funky libs I've developed over time
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
+#include <openssl/rand.h>
// Let's try grabbing some data from here:
// Let's try grabbing some data from here:
SSL *ssl = nil;
char tempString[256];
SSL *ssl = nil;
char tempString[256];
+UnsignedWide microTickCount;
+#warning -- USE A TRUE RANDOM SEED, AND ADD ENTROPY WHENEVER POSSIBLE. --
+const char seed[] = "uyq9,7-b(VHGT^%$&^F/,876;,;./lkJHGFUY{PO*"; // Just gobbledygook
+
printf("OpenSSL Demo by Roy Wood, roy@centricsystems.ca\n\n");
BailIfError(errCode = MacSocket_Startup());
printf("OpenSSL Demo by Roy Wood, roy@centricsystems.ca\n\n");
BailIfError(errCode = MacSocket_Startup());
// ssl_ctx = SSL_CTX_new(SSLv3_client_method());
// ssl_ctx = SSL_CTX_new(SSLv3_client_method());
+ RAND_seed (seed, sizeof (seed));
+ Microseconds (µTickCount);
+ RAND_add (µTickCount, sizeof (microTickCount), 0); // Entropy is actually > 0, needs an estimate
+
// Create an SSL thingey and try to negotiate the connection
ssl = SSL_new(ssl_ctx);
// Create an SSL thingey and try to negotiate the connection
ssl = SSL_new(ssl_ctx);
* [including the GNU Public Licence.]
*/
* [including the GNU Public Licence.]
*/
-#define ENTROPY_NEEDED 16 /* require 128 bits of randomness */
+#define ENTROPY_NEEDED 16 /* require 128 bits = 16 bytes of randomness */
#ifndef MD_RAND_DEBUG
# ifndef NDEBUG
#ifndef MD_RAND_DEBUG
# ifndef NDEBUG
static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH];
static unsigned char md[MD_DIGEST_LENGTH];
static long md_count[2]={0,0};
static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH];
static unsigned char md[MD_DIGEST_LENGTH];
static long md_count[2]={0,0};
-static unsigned entropy=0;
+static double entropy=0;
const char *RAND_version="RAND" OPENSSL_VERSION_PTEXT;
static void ssleay_rand_cleanup(void);
static void ssleay_rand_seed(const void *buf, int num);
const char *RAND_version="RAND" OPENSSL_VERSION_PTEXT;
static void ssleay_rand_cleanup(void);
static void ssleay_rand_seed(const void *buf, int num);
-static void ssleay_rand_add(const void *buf, int num, int add_entropy);
+static void ssleay_rand_add(const void *buf, int num, double add_entropy);
static int ssleay_rand_bytes(unsigned char *buf, int num);
static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num);
static int ssleay_rand_bytes(unsigned char *buf, int num);
static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num);
-static void ssleay_rand_add(const void *buf, int num, int add)
+static void ssleay_rand_add(const void *buf, int num, double add)
{
int i,j,k,st_idx;
long md_c[2];
{
int i,j,k,st_idx;
long md_c[2];
#ifndef THREADS
assert(md_c[1] == md_count[1]);
#endif
#ifndef THREADS
assert(md_c[1] == md_count[1]);
#endif
- if (entropy < ENTROPY_NEEDED)
+ if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
void (*seed)(const void *buf, int num);
int (*bytes)(unsigned char *buf, int num);
void (*cleanup)(void);
void (*seed)(const void *buf, int num);
int (*bytes)(unsigned char *buf, int num);
void (*cleanup)(void);
- void (*add)(const void *buf, int num, int entropy);
+ void (*add)(const void *buf, int num, double entropy);
int (*pseudorand)(unsigned char *buf, int num);
} RAND_METHOD;
int (*pseudorand)(unsigned char *buf, int num);
} RAND_METHOD;
int RAND_bytes(unsigned char *buf,int num);
int RAND_pseudo_bytes(unsigned char *buf,int num);
void RAND_seed(const void *buf,int num);
int RAND_bytes(unsigned char *buf,int num);
int RAND_pseudo_bytes(unsigned char *buf,int num);
void RAND_seed(const void *buf,int num);
-void RAND_add(const void *buf,int num,int entropy);
+void RAND_add(const void *buf,int num,double entropy);
int RAND_load_file(const char *file,long max_bytes);
int RAND_write_file(const char *file);
const char *RAND_file_name(char *file,int num);
int RAND_load_file(const char *file,long max_bytes);
int RAND_write_file(const char *file);
const char *RAND_file_name(char *file,int num);
rand_meth->seed(buf,num);
}
rand_meth->seed(buf,num);
}
-void RAND_add(const void *buf, int num, int entropy)
+void RAND_add(const void *buf, int num, double entropy)
{
if (rand_meth != NULL)
rand_meth->add(buf,num,entropy);
{
if (rand_meth != NULL)
rand_meth->add(buf,num,entropy);
void RAND_seed(const void *buf, int num);
void RAND_seed(const void *buf, int num);
- void RAND_add(const void *buf, int num, int entropy);
+ void RAND_add(const void *buf, int num, double entropy);
less predictable. Suitable input comes from user interaction (random
key presses, mouse movements) and certain hardware events. The
B<entropy> argument is (the lower bound of) an estimate of how much
less predictable. Suitable input comes from user interaction (random
key presses, mouse movements) and certain hardware events. The
B<entropy> argument is (the lower bound of) an estimate of how much
-randomness is contained in B<buf>. Details about sources of randomness
-and how to estimate their entropy can be found in the literature,
-e.g. RFC 1750.
+randomness is contained in B<buf>, measured in bytes. Details about
+sources of randomness and how to estimate their entropy can be found
+in the literature, e.g. RFC 1750.
RAND_add() may be called with sensitive data such as user entered
passwords. The seed values cannot be recovered from the PRNG output.
RAND_add() may be called with sensitive data such as user entered
passwords. The seed values cannot be recovered from the PRNG output.
projects / openssl.git / commitdiff