Thanks very much for valuable suggestions.
Few applications like RADIUS/TACACS+/snmp protocol (IV generation for AES)
are using rand functions. As they are related to security, I am changing the
rand function used by them.
and as long as the 15 least-significant bits of the output of
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of William Roberts
> Sent: Wednesday, July 25, 2018 13:00
>
> >unsigned char bytes[2];
> >RAND_bytes(bytes, 2);
> >return (bytes[0] | (bytes[1] << 8)) & 0x7fff;
>
> You can ditch the shift logic. Offhand, I'm
On Wed, Jul 25, 2018 at 11:30 AM, Michael Wojcik
wrote:
>> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
>> Sudarshan Soma
>> Sent: Wednesday, July 25, 2018 12:13
>
>> But rand() returns max value of 32767. Is there a recommended way to
>> convert RAND_bytes to
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
> Sudarshan Soma
> Sent: Wednesday, July 25, 2018 12:13
> But rand() returns max value of 32767. Is there a recommended way to
> convert RAND_bytes to libc rand()
> something like this?
> unsigned char buf[2];
>
On Wed, Jul 25, 2018 at 11:42:34PM +0530, Sudarshan Soma wrote:
> Now few applications are using libc rand function. For FIPS compliance,
> applications have to call approved SP 800-90A DRBG implementation.
If you're using libc's rand() for non-cryptographic purposes, you
can surely continue to
If RAND_MAX is a power of 2, then just ask RAND_bytes for the right number of
bytes (four for 32768) and use bit-shifting to pack the value.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
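
An added example, not code posted by anyone in this thread: a rand()-style replacement that packs two bytes from a RAND_bytes-shaped source into a 15-bit value, checks the generator's return code, and goes beyond the thread by using rejection sampling so a range that is not a power of two stays unbiased. The names rand_bytes_fn, sample_source, drbg_rand15, drbg_uniform and the USE_OPENSSL macro are assumptions made for this sketch; sample_source is a constructed byte source so the block runs without OpenSSL.

```c
#include <stdio.h>
#ifdef USE_OPENSSL
#include <openssl/rand.h>   /* build with -DUSE_OPENSSL -lcrypto */
#endif
/* Same shape as RAND_bytes(buf, num): returns 1 on success. */
typedef int (*rand_bytes_fn)(unsigned char *buf, int num);

/* Constructed byte source for offline runs (NOT entropy). */
static const unsigned char sample[] = { 0xff, 0xff, 0x34, 0x12, 0x05, 0x80 };
static size_t sample_pos;
int sample_source(unsigned char *buf, int num) {
    for (int i = 0; i < num; i++) {
        if (sample_pos >= sizeof sample) return 0;   /* exhausted: report failure */
        buf[i] = sample[sample_pos++];
    }
    return 1;
}

/* 15-bit draw (0..32767). Returns 0 on success, -1 if the source failed. */
int drbg_rand15(rand_bytes_fn src, unsigned *out) {
    unsigned char b[2];
    if (src(b, (int)sizeof b) != 1) return -1;   /* caller must not use *out */
    *out = ((unsigned)b[0] | ((unsigned)b[1] << 8)) & 0x7fffu;
    return 0;
}

/* Uniform draw in [0, bound), 1 <= bound <= 32768, without modulo bias. */
int drbg_uniform(rand_bytes_fn src, unsigned bound, unsigned *out) {
    unsigned v, limit;
    if (bound == 0 || bound > 32768u) return -1;
    limit = 32768u - (32768u % bound);   /* largest multiple of bound */
    do {
        if (drbg_rand15(src, &v) != 0) return -1;
    } while (v >= limit);                /* reject the biased tail */
    *out = v % bound;
    return 0;
}

int main(void) {
    unsigned v;
#ifdef USE_OPENSSL
    rand_bytes_fn src = RAND_bytes;      /* real generator */
#else
    rand_bytes_fn src = sample_source;   /* constructed bytes */
#endif
    if (drbg_uniform(src, 10000, &v) != 0) return 1;
    printf("%u\n", v);
    return 0;
}
```

A failed draw is returned to the caller as an error rather than replaced with a fallback value, so code that generates IVs or similar values can stop instead of continuing with predictable output.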
Hi, we have linked FIPS compliant openssl version against our applications.
Now few applications are using libc rand function. For FIPS compliance,
applications have
to call approved SP 800-90A DRBG implementation. I was planning to replace
libc rand with RAND_bytes
for the same.
But rand()