Re: [openssl-dev] Work on a new RNG for OpenSSL

2017-08-19 Thread Salz, Rich via openssl-dev

> Is this new RNG object available to user programs, or do they need
> to reinvent the wheel even though they definitely link against the
> OpenSSL library?


You don’t have to re-invent the wheel, but you might have to modify the source 
☺  Did you read the blog posting?  What wasn’t clear?

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


Re: [openssl-dev] Work on a new RNG for OpenSSL

2017-08-19 Thread Steffen Nurpmeso
"Salz, Rich via openssl-dev" wrote:
 |➢ But I’d like the development team to comment on (and ideally – accept) \
 |my request to add RAND_add() method to the RNG that is used in generation \
 |of private keys.
 |
 |Well, I’ve been thinking about this for a bit, since you first raised \
 |it.  I am still not sure of the need.  And as the blog post says, we’re \
 |not convinced that the current DRBG arrangement is something that will \
 |never change.  But I think a new API, RAND_add_ex that took a flag \
 |that had values like RAND_ADD_GLOBAL, RAND_ADD_LOCAL, RAND_ADD_PRIVATE, \
 |RAND_LOCAL_PRIVATE indicating which to seed. Thoughts?

Is this new RNG object available to user programs, or do they need
to reinvent the wheel even though they definitely link against the
OpenSSL library?

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)


Re: [openssl-dev] Work on a new RNG for OpenSSL

2017-08-19 Thread Blumenthal, Uri - 0553 - MITLL
Offhand, I'd say it's a perfect solution. It allows me to mix in additional 
randomness when I want to the RNG that I think may need it. Exactly what I 
need. 

Thanks! 

P.S. I wonder if it's feasible to have a configuration parameter that would 
allow me to tell the TLS code to invoke RAND_add_ex() before generating session 
keys?

Regards,
Uri


> On Aug 18, 2017, at 19:42, Salz, Rich via openssl-dev wrote:
> 
> ➢ But I’d like the development team to comment on (and ideally – accept) my 
> request to add RAND_add() method to the RNG that is used in generation of 
> private keys.
> 
> Well, I’ve been thinking about this for a bit, since you first raised it.  I 
> am still not sure of the need.  And as the blog post says, we’re not 
> convinced that the current DRBG arrangement is something that will never 
> change.  But I think a new API, RAND_add_ex that took a flag that had values 
> like RAND_ADD_GLOBAL, RAND_ADD_LOCAL, RAND_ADD_PRIVATE, RAND_LOCAL_PRIVATE 
> indicating which to seed. Thoughts?




Re: [openssl-dev] Work on a new RNG for OpenSSL

2017-08-19 Thread Steffen Nurpmeso
"Salz, Rich" wrote:
 |Is this new RNG object available to user programs, or do they need
 |to reinvent the wheel even though they definitely link against the
 |OpenSSL library?
 |
 |You don’t have to re-invent the wheel, but you might have to modify \
 |the source ☺  Did you read the blog posting?  What wasn’t clear?

Ok.
Yes, and the linked thread on the crypto ML.
Nothing, sir.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)