On Mon, Mar 6, 2023 at 7:30 PM Daniel Stenberg <dan...@haxx.se> wrote:
>
> On Mon, 6 Mar 2023, rsbec...@nexbridge.com wrote:
>
> > So if OpenSSL RAND_bytes() goes to the HRNG by default, will curl?
>
> curl calls OpenSSL's RAND_bytes(), yes.
>
> I don't know how that works or what exact mechanism it will use beyond what
> they document. Their man page does not mention hardware support:
>
>    https://www.openssl.org/docs/man3.0/man3/RAND_bytes.html

It depends on which OpenSSL version. Versions < 1.1.1 use a SHA1-based
RNG for which RDRAND is considered as seed material if available.
Current versions have a number of RNG providers, so you have a bigger
arsenal to shoot yourself in the foot if you wish so; the default is NIST
AES-CTR DRBG. RDRAND was, last time I checked, used as seed if
available.
Do not use this on Linux; call getentropy or getrandom instead. Only
the kernel has all the relevant information to make a decision about
when to discard the RNG state and start over. Currently this is
impossible to do in userspace (the kernel does not export such
information).
-- 
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html
