Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

RSA_generate_key() using prngd instead of /dev/random or /dev/urandom

Tags:

c

openssl

cryptography

rsa

hp-ux

I want to use RSA_generate_key() on HP-UX 11.11. But hp-ux 11.11 does not provide /dev/random or /dev/urandom, so I need to use openssl prngd.

Please let me know how to use it by default in C code. I have openssl installed and prngd is available.

$ ls /opt/openssl/prngd/prngd  
/opt/openssl/prngd/prngd

Let me know if you need more information.

like image 918
Naga Avatar asked Feb 18 '13 07:02

Naga

2 Answers

Noting that prngd uses the same interface that EGD does, checkout the instructions found here. A quote of interest is:

On systems without /dev/*random devices providing entropy from the kernel

Alternatively, the EGD-interface compatible daemon PRNGD can be used.

OpenSSL automatically queries EGD when entropy is requested via RAND_bytes() or the status is checked via RAND_status() for the first time, if the socket is located at /var/run/egd-pool, /dev/egd-pool or /etc/egd-pool.

So when you run prngd, run it as prngd /dev/egd-pool or one of the other alternatives

like image 59
Voider Avatar answered Oct 19 '22 15:10

Voider

prngd simulates "/dev/random" and "/dev/urandom" over a network connection. It supports either a Unix stream-based domain socket ("/var/run/egd-pool") or (if configured to) or IP using TCP ports 708 or 4840 (default values---can be changed).

So, in using the Unix domain socket, it would look something like:

#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>

int devrandom(void)
{
  union 
  {
    struct sockaddr    sa;
    struct sockaddr_un path;
  } location;
  int sock;               

  memset(&location,0,sizeof(location));
  location.path.sun_family = AF_UNIX;
  strcpy(location.path.sun_path,"/var/run/egd-pool");

  sock = socket(AF_UNIX,SOCK_STREAM,0);
  if (sock < 0)
    return -1; 

  if (connect(sock,&location.sa,sizeof(struct sockaddr_un)) < 0)
    return -1;

  return sock;
}

This will return a file descriptor you can pass to read() in order to obtain the random data (note: this code is untested). A TCP/IP based connection is a bit more involved, requiring binding the socket to a local address and connecting to the remote address but there are plenty of examples on the Internet for that type of code.

like image 26
Sean Conner Avatar answered Oct 19 '22 16:10

Sean Conner
Sign in to Comment

Related questions

C - user single char input rendering weird results
What is the specified behavior of including a standard C header, in C++ code, inside a linkage-specification (extern "C", extern "C++")?
Reading MIDI file (C): 0x00 appearing after the end of a var-length value
How do I open a temporary file AND get its filename?
Is it always safe to cast char to int and int to double?
Eigenvalues calculations in C-within-R codes
Using parse_datetime from gnu c
How to find nth occurence (in reverse) of a word in a large text file?
Interrupt-safe buffer
Extend a dynamic linked shared library?
Creating a simple HTTP proxy in C [closed]
Why does ZeroMQ connect return 0 even when no server listening?
How to set up sigaltstack correctly?
pipe call and synchronization
C: Thread Safe Logging to a File
Casting initializers down to a pointer
deep copy of struct with Pointer Point in C
Struct with array of structs of unknown size
fopen() returning a NULL pointer, but the file definitely exists
Why can't you do bitwise operations on pointer in C, and is there a way around this?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!