<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Honestly, I’d like to add CPU Jitter to OpenSSL as one of its default entropy sources.<div class="">I dread the effort that this would entail.</div><div class=""><br class=""></div><div class="">Pauli<br class=""><div class="">
<div dir="auto" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">-- <br class="">Dr Paul Dale | Distinguished Architect | Cryptographic Foundations <br class="">Phone +61 7 3031 7217<br class="">Oracle Australia</div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><br class=""></div><br class="Apple-interchange-newline"></div><br class="Apple-interchange-newline">
</div>

<div><br class=""><blockquote type="cite" class=""><div class="">On 16 Aug 2019, at 8:28 pm, Chitrang Srivastava <<a href="mailto:chitrang.srivastava@gmail.com" class="">chitrang.srivastava@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">Thanks Pauli,<div class=""><br class=""></div><div class="">I did checked CPU Jitter and it looks promising. It has openssl engine support too.</div><div class="">So i guess I have to add this add provide OS specific calls and it should work.</div><div class="">Will keep you posted.</div><div class=""><br class=""></div><div class="">Thanks,</div><div class=""><br class=""></div></div><br class=""><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Aug 16, 2019 at 3:15 PM Dr Paul Dale <<a href="mailto:paul.dale@oracle.com" class="">paul.dale@oracle.com</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="overflow-wrap: break-word;" class="">I investigated HAVEGE fairly deeply a couple of years ago.  I am completely in agreement with the basis of this source, however the sticking point was the “expansion” phase.  Essentially, every bit of entropy gathered is turned into (just under) thirty two bits of “entropy”.  This is logically and physically impossible.  As a source, it appears reasonable to the usual tests (i.e. dieharder), although <a href="https://en.wikipedia.org/wiki/TestU01" target="_blank" class="">TestU01</a> does pick up on it being less than ideal.<div class=""><br class=""></div><div class="">I would, however, recommend Stephan Müller's <a href="https://www.chronox.de/jent/doc/CPU-Jitter-NPTRNG.html" target="_blank" class="">CPU Jitter</a>.  The gathering is well researched and performed, no hidden tricks are present and the bits produces are equiprobable.<br class=""><div class=""><div class=""><br class=""></div><div class=""><br class=""></div><div class="">Pauli</div><div class=""><div class="">
<div dir="auto" style="overflow-wrap: break-word;" class=""><div style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none;" class="">-- <br class="">Dr Paul Dale | Distinguished Architect | Cryptographic Foundations <br class="">Phone +61 7 3031 7217<br class="">Oracle Australia</div><div style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none;" class=""><br class=""></div><br class="gmail-m_306174500190338971Apple-interchange-newline"></div><br class="gmail-m_306174500190338971Apple-interchange-newline">
</div>

<div class=""><br class=""><blockquote type="cite" class=""><div class="">On 16 Aug 2019, at 7:31 pm, Robert Moskowitz <<a href="mailto:rgm@htt-consult.com" target="_blank" class="">rgm@htt-consult.com</a>> wrote:</div><br class="gmail-m_306174500190338971Apple-interchange-newline"><div class="">
  
    
  
  <div bgcolor="#FFFFFF" class="">
    <br class="">
    <br class="">
    <div class="gmail-m_306174500190338971moz-cite-prefix">On 8/16/19 5:26 AM, Chitrang Srivastava
      wrote:<br class="">
    </div>
    <blockquote type="cite" class="">
      
      <div dir="ltr" class="">Hi,<br class="">
        <div class=""><br class="">
        </div>
        <div class="">I am working on an embedded platform and now ported openssl
          1.1.1b</div>
        <div class="">TLS 1.2/1.3 is working fine.</div>
        <div class="">While analysing random number , Rand pool initialization
          calls where I am returning like this , </div>
        <div class="">size_t <b class="">rand_pool_acquire_entropy</b>(RAND_POOL *pool)<br class="">
          {<br class="">
                  return rand_pool_entropy_available(pool);<br class="">
          }  <br class="">
        </div>
        <div class="">As noticed that <b class="">rand_unix.c</b> has an implementation
          wcih samples 2 bits of RTC, would that give enough entropy or
          any other recommendation to have enough entropy for embedded
          platforms?<br class="">
        </div>
      </div>
    </blockquote>
    <br class="">
    <br class="">
    Check out:    <a class="gmail-m_306174500190338971moz-txt-link-freetext" href="https://issihosts.com/haveged" target="_blank">https://issihosts.com/haveged</a><br class="">
    <br class="">
    I talk about it here:   
    <a class="gmail-m_306174500190338971moz-txt-link-freetext" href="http://www.htt-consult.com/CentOS7-armv7.html#RANDOMNESS" target="_blank">http://www.htt-consult.com/CentOS7-armv7.html#RANDOMNESS</a><br class="">
    <br class="">
    <br class="">
  </div>

</div></blockquote></div><br class=""></div></div></div></div></blockquote></div>
</div></blockquote></div><br class=""></div></body></html>