[openssl-dev] Work on a new RNG for OpenSSL

Kurt Roeckx kurt at roeckx.be
Mon Aug 21 16:12:16 UTC 2017


On Mon, Aug 21, 2017 at 03:56:29PM +0000, Blumenthal, Uri - 0553 - MITLL wrote:
> >> P.S. I wonder if it's feasible to have a configuration parameter that would allow me to tell the TLS code to invoke RAND_add_ex() before generating session keys?
> >
> > Either you accept that NIST SP 90A is right, or you just bypass it completely.  We’re in the first camp.  
> 
> You mean NIST SP 800-90A, released Jan 2012 and withdrawn Jun 2015? With Rev 1 *draft* currently available (released Jun 2015)?  ;-)
> 
> I’m glad you agree that “it is right”, because in our argument it supports my side over yours. Let’s go through the 90A Rev 1 draft http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf:
> 
> Page 11 Section 7 provides a functional model of a DRBG (Figure 1), clearly showing “additional input” for both the Reseed Function and the Generate Function.  The text says “… and may include additional optional sources, including … additional input.”

I at least have a plan to add additional data, but the current
idea is probably not the way you would like to see it.
My idea was to query at least various sources that we don't
attribute any entropy to, like getpid(), gettimeofday(),
clock_gettime(), the TSC, ... It might also use things like RDRAND
/ RDSEED which we don't trust.

So I guess you want an interface that can both add things to the
"entropy" pool, and to the "additional data" pool? It shouldn't
be that hard, I'll try to come up with some proposal soon.


Kurt
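The DRBG functional model quoted above (additional input accepted by both the Reseed and Generate functions) and the idea of mixing in zero-credit sources such as getpid() and clock_gettime(), as an added example that is not part of this thread or of OpenSSL's code: a minimal HMAC_DRBG over SHA-256 following SP 800-90A section 10.1.2, plus a constructed helper gather_additional_data() (hypothetical name) that packs pid and clock readings as additional input without crediting them as entropy.

```python
import hmac
import hashlib
import os
import struct
import time

OUTLEN = hashlib.sha256().digest_size  # 32 bytes for SHA-256


class HmacDrbg:
    """Minimal HMAC_DRBG (SP 800-90A 10.1.2) with additional_input on reseed and generate."""

    def __init__(self, entropy_input: bytes, nonce: bytes,
                 personalization: bytes = b"", reseed_interval: int = 10000):
        self.key = b"\x00" * OUTLEN
        self.v = b"\x01" * OUTLEN
        self.reseed_interval = reseed_interval
        self._update(entropy_input + nonce + personalization)
        self.reseed_counter = 1

    def _hmac(self, data: bytes) -> bytes:
        return hmac.new(self.key, data, hashlib.sha256).digest()

    def _update(self, provided_data: bytes) -> None:
        # HMAC_DRBG_Update: fold provided_data (entropy and/or additional input) into K and V
        self.key = self._hmac(self.v + b"\x00" + provided_data)
        self.v = self._hmac(self.v)
        if provided_data:  # second pass only when there is data to mix in
            self.key = self._hmac(self.v + b"\x01" + provided_data)
            self.v = self._hmac(self.v)

    def reseed(self, entropy_input: bytes, additional_input: bytes = b"") -> None:
        # Reseed function: fresh entropy plus optional additional input
        self._update(entropy_input + additional_input)
        self.reseed_counter = 1

    def generate(self, n: int, additional_input: bytes = b"") -> bytes:
        # Generate function: additional input is mixed in before and after output
        if self.reseed_counter > self.reseed_interval:
            raise RuntimeError("reseed required")
        if additional_input:
            self._update(additional_input)
        out = b""
        while len(out) < n:
            self.v = self._hmac(self.v)
            out += self.v
        self._update(additional_input)
        self.reseed_counter += 1
        return out[:n]


def gather_additional_data() -> bytes:
    # Constructed example: values credited with zero entropy, still useful as additional input
    return struct.pack("<qqq", os.getpid(), time.time_ns(), time.perf_counter_ns())
```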


