In message <[EMAIL PROTECTED]> on Sat, 22 Nov 2003 16:01:35 -0500, Geoff Thorpe <[EMAIL PROTECTED]> said:
geoff> Yeah, I understand your point of view. I'm not going to
geoff> interfere in your choice of which way to go, I just wanted to
geoff> raise what I see as a potential problem; namely that correct
geoff> use of the openssl API by application source may be totally
geoff> solid and "as it should be", yet might need source changes to
geoff> appease users of one (or more) optional plugin engines, just
geoff> because those engines have severe limitations in furnishing
geoff> data as is traditionally expected from RAND_METHOD usage.

Hmm, I see what you're saying. It seems to me like the points you're raising get in conflict with each other. On one hand, you've raised the point that changing the behavior of hwcrhk_rand_bytes() would be a kind of betrayal (sp?) of what has been promised with the current code in terms of security. On the other hand, leaving the choice to the user becomes another issue of forcing them to change their code.

I feel that we need to make a compromise somewhere, or perhaps simply not bother with it (and thereby leaving it to the user to make ugly hacks to get around the performance problem that they see).

Of course:

geoff> BTW: are you sure that it's not just a question of the ncipher
geoff> RAND_METHOD implementation being over-enthusiastic? I'm looking
geoff> at "hwcrhk_rand" right now, and I see that the "bytes()" and
geoff> "pseudorand()" handlers are linked to the same hwcrhk_rand_bytes()
geoff> function. Presumably only "bytes()" *needs* to come from the
geoff> hardware/driver - and "pseudorand()" could perhaps be generated
geoff> in software from hardware/driver seeding?

... leads to the possible conclusion that putting together a hwcrhk_rand_pseudobytes() that did what I proposed earlier (having it check an init flag and possibly seed the OpenSSL pool with hardware entropy, then call RAND_SSLeay()->pseudorand()) would be a possible route.

Geoff, I don't want to make a unilateral decision here.
I'd much prefer to implement something we've thought out in some kind of consensus form. I deeply value your opinion, as well as everyone else's.

-- 
Richard Levitte
Member of the OpenSSL development team: http://www.openssl.org/
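
Added example, not part of the original message and not OpenSSL or engine code: a self-contained C model of the hwcrhk_rand_pseudobytes() route discussed above, showing the init-flag seeding, the failure path when the device cannot supply a seed, and how many device round trips each handler costs. The functions hw_rand_bytes(), sw_pseudorand(), hw_rand_pseudobytes() and hw_calls_for() are hypothetical stand-ins, and the software generator is a placeholder, not a real PRNG.

```c
#include <stdio.h>

static int hw_calls = 0;        /* round trips to the simulated device */
static int hw_available = 1;    /* set to 0 to simulate a device failure */
static unsigned char pool[32];  /* models the software pool's seed */
static int pool_seeded = 0;     /* the "init flag" from the proposal */
static unsigned long counter = 0;

/* Stand-in for hwcrhk_rand_bytes(): each call costs one device round trip. */
static int hw_rand_bytes(unsigned char *buf, int num) {
    if (!hw_available) return 0;
    hw_calls++;
    for (int i = 0; i < num; i++)
        buf[i] = (unsigned char)(0xA5 ^ i ^ hw_calls); /* constructed, not random */
    return 1;
}

/* Stand-in for RAND_SSLeay()->pseudorand(). NOT a real generator: it only
   marks where the software PRNG would take over from the seeded pool. */
static int sw_pseudorand(unsigned char *buf, int num) {
    for (int i = 0; i < num; i++)
        buf[i] = pool[i % (int)sizeof pool] ^ (unsigned char)(++counter * 131u);
    return 1;
}

/* Proposed pseudorand() handler: seed once from hardware, then software. */
static int hw_rand_pseudobytes(unsigned char *buf, int num) {
    if (!pool_seeded) {
        if (!hw_rand_bytes(pool, (int)sizeof pool))
            return 0;           /* seeding failed: report error, stay unseeded */
        pool_seeded = 1;
    }
    return sw_pseudorand(buf, num);
}

/* Device round trips consumed by n calls to a handler, or -1 on failure. */
int hw_calls_for(int (*handler)(unsigned char *, int), int n) {
    unsigned char out[16];
    int start = hw_calls;
    for (int i = 0; i < n; i++)
        if (!handler(out, (int)sizeof out)) return -1;
    return hw_calls - start;
}

int main(void) {
    printf("bytes():      %d device calls\n", hw_calls_for(hw_rand_bytes, 100));
    printf("pseudorand(): %d device calls\n", hw_calls_for(hw_rand_pseudobytes, 100));
    return 0;
}
```

The flag is set only after the hardware seed succeeds, so a device failure makes the handler return an error instead of producing output from an unseeded pool.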