Re: [openssl-dev] Work on a new RNG for OpenSSL
Is this new RNG object available to user programs, or do they need to reinvent the wheel even though they definitely link against the OpenSSL library? You don’t have to re-invent the wheel, but you might have to modify the source ☺ Did you read the blog posting? What wasn’t clear? -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Work on a new RNG for OpenSSL
"Salz, Rich via openssl-dev"wrote: |➢ But I’d like the development team to comment on (and ideally – accept) \ |my request to add RAND_add() method to the RNG that is used in generation \ |of private keys. | |Well, I’ve been thinking about this for a bit, since you first raised \ |it. I am still not sure of the need. And as the blog post says, we’re \ |not convinced that the current DRBG arrangement is something that will \ |never change. But I think a new API, RAND_add_ex that took a flag \ |that had values like RAND_ADD_GLOBAL, RAND_ADD_LOCAL, RAND_ADD_PRIVATE, \ |RAND_LOCAL_PRIVATE indicating which to seed. Thoughts? Is this new RNG object available to user programs, or do they need to reinvent the wheel even though they definitely link against the OpenSSL library? --steffen | |Der Kragenbaer,The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Work on a new RNG for OpenSSL
Offhand, I'd say it's a perfect solution. It allows me to mix in additional randomness when I want to the RNG that I think may need it. Exactly what I need. Thanks! P.S. I wonder if it's feasible to have a configuration parameter that would allow me to tell the TLS code to invoke RAND_add_ex() before generating session keys? Regards, Uri Sent from my iPhone > On Aug 18, 2017, at 19:42, Salz, Rich via openssl-dev >wrote: > > ➢ But I’d like the development team to comment on (and ideally – accept) my > request to add RAND_add() method to the RNG that is used in generation of > private keys. > > Well, I’ve been thinking about this for a bit, since you first raised it. I > am still not sure of the need. And as the blog post says, we’re not > convinced that the current DRBG arrangement is something that will never > change. But I think a new API, RAND_add_ex that took a flag that had values > like RAND_ADD_GLOBAL, RAND_ADD_LOCAL, RAND_ADD_PRIVATE, RAND_LOCAL_PRIVATE > indicating which to seed. Thoughts? > > -- > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev smime.p7s Description: S/MIME cryptographic signature -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Work on a new RNG for OpenSSL
"Salz, Rich"wrote: |Is this new RNG object available to user programs, or do they need |to reinvent the wheel even though they definitely link against the |OpenSSL library? | |You don’t have to re-invent the wheel, but you might have to modify \ |the source ☺ Did you read the blog posting? What wasn’t clear? Ok. Yes, and the linked thread on the crypto ML. Nothing, sir. --steffen | |Der Kragenbaer,The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev