I want to use RSA_generate_key()
on HP-UX 11.11. But hp-ux 11.11 does not provide /dev/random or /dev/urandom, so I need to use openssl prngd.
Please let me know how to use it by default in C code. I have openssl installed and prngd is available.
$ ls /opt/openssl/prngd/prngd
/opt/openssl/prngd/prngd
Let me know if you need more information.
Noting that prngd uses the same interface that EGD does, checkout the instructions found here. A quote of interest is:
On systems without /dev/*random devices providing entropy from the kernel
Alternatively, the EGD-interface compatible daemon PRNGD can be used.
OpenSSL automatically queries EGD when entropy is requested via RAND_bytes() or the status is checked via RAND_status() for the first time, if the socket is located at /var/run/egd-pool, /dev/egd-pool or /etc/egd-pool.
So when you run prngd, run it as prngd /dev/egd-pool
or one of the other alternatives
prngd simulates "/dev/random" and "/dev/urandom" over a network connection. It supports either a Unix stream-based domain socket ("/var/run/egd-pool") or (if configured to) or IP using TCP ports 708 or 4840 (default values---can be changed).
So, in using the Unix domain socket, it would look something like:
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
int devrandom(void)
{
union
{
struct sockaddr sa;
struct sockaddr_un path;
} location;
int sock;
memset(&location,0,sizeof(location));
location.path.sun_family = AF_UNIX;
strcpy(location.path.sun_path,"/var/run/egd-pool");
sock = socket(AF_UNIX,SOCK_STREAM,0);
if (sock < 0)
return -1;
if (connect(sock,&location.sa,sizeof(struct sockaddr_un)) < 0)
return -1;
return sock;
}
This will return a file descriptor you can pass to read() in order to obtain the random data (note: this code is untested). A TCP/IP based connection is a bit more involved, requiring binding the socket to a local address and connecting to the remote address but there are plenty of examples on the Internet for that type of code.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With