[openssl-dev] Work on a new RNG for OpenSSL

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Wed Aug 23 16:27:49 UTC 2017


>    So I guess you want an interface that can both add things to the
>   "entropy" pool, and to the "additional data" pool? It shouldn't
>    be that hard, I'll try to come up with some proposal soon.

I’d say the interface that Rich Salz proposed would be good enough:

> …  But I think a new API, RAND_add_ex() that took a flag that had values like
> RAND_ADD_GLOBAL, RAND_ADD_LOCAL, RAND_ADD_PRIVATE,
> RAND_LOCAL_PRIVATE indicating which to seed.     Thoughts?

It exposes what’s necessary, but nothing more. Another benefit – malicious input would not compromise the entropy pool.

> We should think carefully about what API’s we are exposing, and might want to wait for 1.1.2

Nothing wrong with thinking about what API to expose, and how. Since 1.1.1 is what’s currently being shaped – there’s no reason to postpone that thinking. Especially since the RNG/DRBG work is being done on 1.1.1 now, and this is a part of it.
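To make the two channels under discussion concrete, here is an added example, not code from the thread or from OpenSSL: a minimal HMAC_DRBG in the shape of NIST SP 800-90A with separate entropy input (instantiate/reseed) and additional input (per generate call), plus a small front-end in which the caller says which channel the bytes belong to. The `add_ex` function and the `ADD_ENTROPY` / `ADD_ADDITIONAL` flags are hypothetical illustrations of the routing idea, not the `RAND_add_ex()` interface quoted above, and the seed bytes are constructed test values, not real entropy.

```python
import hmac
import hashlib

HASH = hashlib.sha256
OUTLEN = HASH().digest_size  # 32 bytes for SHA-256


class HmacDrbg:
    """Minimal HMAC_DRBG (NIST SP 800-90A, Section 10.1.2) with the two input
    channels the thread distinguishes: entropy input, which only enters at
    instantiate/reseed, and additional input, which may accompany a generate
    call without being credited as entropy. Educational example only."""

    def __init__(self, entropy_input, nonce=b"", personalization=b""):
        self.K = b"\x00" * OUTLEN
        self.V = b"\x01" * OUTLEN
        self._update(entropy_input + nonce + personalization)
        self.reseed_counter = 1
        # Extension for the hypothetical add_ex front-end below: additional
        # input queued by a caller and consumed by the next generate().
        self.pending_additional_input = b""

    def _update(self, provided_data):
        # HMAC_DRBG_Update: provided_data is only ever hashed under the secret
        # key K, so attacker-chosen bytes perturb the state but cannot steer it
        # to a value the attacker can predict without already knowing K and V.
        self.K = hmac.new(self.K, self.V + b"\x00" + provided_data, HASH).digest()
        self.V = hmac.new(self.K, self.V, HASH).digest()
        if provided_data:
            self.K = hmac.new(self.K, self.V + b"\x01" + provided_data, HASH).digest()
            self.V = hmac.new(self.K, self.V, HASH).digest()

    def reseed(self, entropy_input, additional_input=b""):
        # Entropy channel: the only operation that resets the reseed counter.
        self._update(entropy_input + additional_input)
        self.reseed_counter = 1

    def generate(self, n, additional_input=b""):
        # Additional-input channel: mixed in before and after output. The
        # counter still advances because no entropy has been credited.
        additional_input = self.pending_additional_input + additional_input
        self.pending_additional_input = b""
        if additional_input:
            self._update(additional_input)
        out = b""
        while len(out) < n:
            self.V = hmac.new(self.K, self.V, HASH).digest()
            out += self.V
        self._update(additional_input)
        self.reseed_counter += 1
        return out[:n]


# Hypothetical flags, not an OpenSSL API: the caller states which channel
# the bytes belong to instead of everything landing in one pool.
ADD_ENTROPY = 1      # caller vouches for this as seed material -> reseed
ADD_ADDITIONAL = 2   # unknown-quality or untrusted data -> additional input only


def add_ex(drbg, data, flags):
    """Route `data` into the DRBG according to `flags` (hypothetical API)."""
    if flags == ADD_ENTROPY:
        drbg.reseed(data)
    elif flags == ADD_ADDITIONAL:
        drbg.pending_additional_input += data
    else:
        raise ValueError("unknown add_ex flag")


def demo():
    """Two generators with the same (constructed) seed; one receives
    attacker-supplied bytes through the additional-input channel."""
    seed = b"\x11" * 32  # constructed test value, NOT real entropy
    clean = HmacDrbg(seed, b"nonce")
    tainted = HmacDrbg(seed, b"nonce")
    add_ex(tainted, b"attacker-supplied bytes", ADD_ADDITIONAL)
    a = clean.generate(32)
    b = tainted.generate(32)
    # Outputs differ, but both counters read 2: the attacker's data changed
    # the stream without being credited as a reseed.
    return a, b, clean.reseed_counter, tainted.reseed_counter
```

Seeding through `ADD_ENTROPY` resets the reseed counter and should be reserved for sources the caller can vouch for; anything of unknown quality goes through `ADD_ADDITIONAL`, where it still diversifies the output but never substitutes for entropy.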