On Wed, Nov 13, 2019 at 12:23:37PM -0500, Jason Qian via openssl-users wrote:

> Here is the code for creating the key (openssl-0.9.8h)

Is this a new question? It seems to no longer be related to DH key
agreement.

> int AESCipher::createKey(unsigned char *buf, int keySize) {
>     char seed[256];
>     ::sprintf(seed, "%ldXXX_XXX_H__xxxxx_xxxx_xxx_xxxxx_xxxxxxx__INCLUDED_",
>               MiscUtils::generateId());
>     RAND_seed(seed, ::strlen(seed));
>
>     RAND_bytes(buf, keySize / 8);
>     return keySize / 8;
> }
>
> For using 1.1.0, we only need to call RAND_bytes() ?

If the application running this code has no other sources of entropy,
and the above is the only "random" data stirred into the PRNG, then you
may be generating predictable AES keys in your 0.9.8h code.

It is likely that MiscUtils::generateId() does not generate
cryptographically secure random numbers, and even if it did, the output
is at most 64 bits (%ld), which is not long enough for an AES key.

--
    Viktor.