RE: Alternate RAND_poll for XP/2003 Server/Vista

[Adrià Massanet]

Well, rtlGenRandom is cryptographic-provider independent. So, I assume that this is the "Windows Way" to get a random data (but in the other hand MSDN page says that is not a standard call), instead CryptGenRandom that is crypto-provider dependent. Is possible that both results are equal in practice, but I think not in concept (too theory?) I'm thinking in rtlGenRandom like /dev/random, but possibly are not the same.   The problem here is that there's no way to get the advantage trusting in rtlGenRandom / CryptGenRandom. Perhaps this option must be compile-time or definable in runtime.   Adrià     -----Mensaje original----- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de Steven Reddie Enviado el: jueves, 01 de diciembre de 2005 14:46 Para: openssl-dev@openssl.org Asunto: RE: Alternate RAND_poll for XP/2003 Server/Vista   That's an interesting blog article.  The 2nd comment is by the author and lists the entropy sources.  I recall there was discussion on this list quite some time ago where it was stated that OpenSSL wouldn't use only the CryptoAPI random number generator since Microsoft hadn't provided details of how the entropy was gathered.  Perhaps the information in that post provides enough detail to warrant dropping all of the heap walking guff that has been known to trip up OpenSSL on occasion.   Adria, RAND_poll already calls CryptGenRandom doesn't it?  You could probably just comment out all of the other code to get the same result.   Steven   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Adrià Massanet Sent: Thursday, 1 December 2005 11:41 PM To: openssl-dev@openssl.org Subject: Alternate RAND_poll for XP/2003 Server/Vista Hi all,   I’m using OpenSSL as a module in PHP (php_openssl), and I need to call the CGI page may times per second  but the initialization process in RAND_poll is too slow.   I’m thinking to modify OpenSSL to use the rtlGenRandom call available in XP/2003 Server/Vista OSs (see http://blogs.msdn.com/michael_howard/archive/2005/01/14/353379.aspx for comments on rtlGenRandom )   the new function likes:     int RAND_poll() { if_any_error_in_block_return_old_RAND_poll() {   HMODULE hlib; BOOLEAN (APIENTRY *rtlgenrandom)(void*, ULONG); char buffer[1024]; int c;   hlib=(HMODULE)LoadLibrary("ADVAPI32.DLL"); tlgenrandom=(BOOLEAN (APIENTRY *)(void*,ULONG))GetProcAddress(hlib,"SystemFunction036"); for(c=0;c<1+(ENTROPY_NEEDED/sizeof(buffer));++c) {             rtlgenrandom(buffer,sizeof(buffer)):             RAND_add(buffer,sizeof(buffer),sizeof(buffer)); }               } }   a bad idea? Any thing bad here?   Thanks in advance,   Adrià