[openssl-users] conversion of RAND_bytes to rand in fips apporved way
Viktor Dukhovni
openssl-users at dukhovni.org
Wed Jul 25 18:26:21 UTC 2018
On Wed, Jul 25, 2018 at 11:42:34PM +0530, Sudarshan Soma wrote:
> Now few applications are using libc rand function. For FIPS compliance,
> applications have to call approved SP 800-90A DRBG implementation.
If you're using libc's rand() for non-cryptographic purposes, you
can surely continue to do that.
> I was planning to replace libc rand with RAND_bytes for the same.
>
> But rand() returns max value of 32767. Is there a recomended way to
> convert RAND_bytes to libc rand() something like this?
Since 16-bit random numbers do not provide any meaningful security,
it makes little sense to use a CSPRNG in a context where 16-bit
random values are sufficient.
> Please suggest. Is there a way to give number of bits instead of bytes to
> RAND_bytes?
This is probably the wrong question.
--
Viktor.
More information about the openssl-users
mailing list