Re: [Question] Forcing libcurl to use hardware randomization

On Mon, Mar 6, 2023 at 7:30 PM Daniel Stenberg wrote: > > On Mon, 6 Mar 2023, rsbec...@nexbridge.com wrote: > > > So if OpenSSL RAND_bytes() goes to the HRNG by default, will curl? > > curl calls OpenSSL's RAND_bytes(), yes. > > I don't know how that works or what exact mechanism it will use beyon

Re: [Question] Forcing libcurl to use hardware randomization

Looking at https://wiki.openssl.org/index.php/Random_Numbers I see the following: To ensure RAND_bytes uses the hardware engine, you must perform three steps: - load the rdrand engine - acquire a handle to

RE: [Question] Forcing libcurl to use hardware randomization

On Mon, 6 Mar 2023, rsbec...@nexbridge.com wrote: So if OpenSSL RAND_bytes() goes to the HRNG by default, will curl? curl calls OpenSSL's RAND_bytes(), yes. I don't know how that works or what exact mechanism it will use beyond what they document. Their man page does not mention hardware sup

RE: [Question] Forcing libcurl to use hardware randomization

On Monday, March 6, 2023 5:20 PM, Daniel Stenberg wrote: >On Mon, 6 Mar 2023, Randall via curl-library wrote: > >> Is the answer that hardware RNG is not supported by curl at all? > >No, curl does not support hardware RNG. > >curl uses the TLS library's random functionality, which may or may not su

RE: [Question] Forcing libcurl to use hardware randomization

On Mon, 6 Mar 2023, Randall via curl-library wrote: Is the answer that hardware RNG is not supported by curl at all? No, curl does not support hardware RNG. curl uses the TLS library's random functionality, which may or may not support a hardware RNG. -- / daniel.haxx.se | Commercial cu

RE: [Question] Forcing libcurl to use hardware randomization

On Monday, March 6, 2023 3:21 PM, Cristian Rodríguez wrote: >On Mon, Mar 6, 2023 at 10:54 AM wrote: > >> This platform has limited porting capabilities. The Xeon x86 HRNG is highly >> stable >and verified on this platform - this is not one of the flakey HRNG processors. >Its use >has passed all

Re: [Question] Forcing libcurl to use hardware randomization

On Mon, Mar 6, 2023 at 10:54 AM wrote: > This platform has limited porting capabilities. The Xeon x86 HRNG is highly > stable and verified on this platform - this is not one of the flakey HRNG > processors. Its use has passed all sorts of randomness tests and is far > better than PRNGD (can't

RE: [Question] Forcing libcurl to use hardware randomization

On Monday, March 6, 2023 8:08 AM, Cristian Rodríguez wrote: >On Sun, Mar 5, 2023 at 1:33 PM Randall via curl-library > >wrote: >> I have a curl built with OpenSSL. The built of OpenSSL uses hardware >> randomization on the platform using _rdrand64(). When I use libcurl, >> typically through git, I

Re: [Question] Forcing libcurl to use hardware randomization

On Sun, Mar 5, 2023 at 1:33 PM Randall via curl-library wrote: > > Hi Curl, > > I have a curl built with OpenSSL. The built of OpenSSL uses hardware > randomization on the platform using _rdrand64(). When I use libcurl, > typically through git, I end up with an open to PRNGD, which is not > desira

RE: [Question] Forcing libcurl to use hardware randomization

On Sunday, March 5, 2023 4:21 PM, Daniel Stenberg wrote: >On Sun, 5 Mar 2023, Randall via curl-library wrote: >> I have a curl built with OpenSSL. The built of OpenSSL uses hardware >> randomization on the platform using _rdrand64(). When I use libcurl, >> typically through git, I end up with an op

Re: [Question] Forcing libcurl to use hardware randomization

On Sun, 5 Mar 2023, Randall via curl-library wrote: I have a curl built with OpenSSL. The built of OpenSSL uses hardware randomization on the platform using _rdrand64(). When I use libcurl, typically through git, I end up with an open to PRNGD, which is not desirable. I'm wondering whether the

[Question] Forcing libcurl to use hardware randomization

Hi Curl, I have a curl built with OpenSSL. The built of OpenSSL uses hardware randomization on the platform using _rdrand64(). When I use libcurl, typically through git, I end up with an open to PRNGD, which is not desirable. I'm wondering whether there is a configuration setting that I am missing