Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

RSA_generate_key() using prngd instead of /dev/random or /dev/urandom

I want to use RSA_generate_key() on HP-UX 11.11. But hp-ux 11.11 does not provide /dev/random or /dev/urandom, so I need to use openssl prngd.

Please let me know how to use it by default in C code. I have openssl installed and prngd is available.

$ ls /opt/openssl/prngd/prngd  
/opt/openssl/prngd/prngd

Let me know if you need more information.

like image 918
Naga Avatar asked Feb 18 '13 07:02

Naga


2 Answers

Noting that prngd uses the same interface that EGD does, checkout the instructions found here. A quote of interest is:

On systems without /dev/*random devices providing entropy from the kernel

Alternatively, the EGD-interface compatible daemon PRNGD can be used.

OpenSSL automatically queries EGD when entropy is requested via RAND_bytes() or the status is checked via RAND_status() for the first time, if the socket is located at /var/run/egd-pool, /dev/egd-pool or /etc/egd-pool.

So when you run prngd, run it as prngd /dev/egd-pool or one of the other alternatives

like image 59
Voider Avatar answered Oct 19 '22 15:10

Voider


prngd simulates "/dev/random" and "/dev/urandom" over a network connection. It supports either a Unix stream-based domain socket ("/var/run/egd-pool") or (if configured to) or IP using TCP ports 708 or 4840 (default values---can be changed).

So, in using the Unix domain socket, it would look something like:

#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>

int devrandom(void)
{
  union 
  {
    struct sockaddr    sa;
    struct sockaddr_un path;
  } location;
  int sock;               

  memset(&location,0,sizeof(location));
  location.path.sun_family = AF_UNIX;
  strcpy(location.path.sun_path,"/var/run/egd-pool");

  sock = socket(AF_UNIX,SOCK_STREAM,0);
  if (sock < 0)
    return -1; 

  if (connect(sock,&location.sa,sizeof(struct sockaddr_un)) < 0)
    return -1;

  return sock;
}

This will return a file descriptor you can pass to read() in order to obtain the random data (note: this code is untested). A TCP/IP based connection is a bit more involved, requiring binding the socket to a local address and connecting to the remote address but there are plenty of examples on the Internet for that type of code.

like image 26
Sean Conner Avatar answered Oct 19 '22 16:10

Sean Conner