[openssl-dev] Work on a new RNG for OpenSSL
Paul Dale
paul.dale at oracle.com
Wed Jun 28 00:24:13 UTC 2017
The hierarchy of RNGs will overcome some of the performance concerns. Only the root needs to call getrandom().
I do agree that having a DRBG at the root level is a good idea though.
Pauli
--
Oracle
Dr Paul Dale | Cryptographer | Network Security & Encryption
Phone +61 7 3031 7217
Oracle Australia
From: Salz, Rich via openssl-dev [mailto:openssl-dev at openssl.org]
Sent: Wednesday, 28 June 2017 4:56 AM
To: Kaduk, Ben <bkaduk at akamai.com>; openssl-dev at openssl.org; Matt Caswell <matt at openssl.org>
Subject: Re: [openssl-dev] Work on a new RNG for OpenSSL
For Windows RAND_bytes should just call CryptGenRandom (or its equiv). For modern Linux, probably call getrandom(2). For OpenBSD call arc4random().
Getrandom() is a syscall, and I have concerns about the syscall performance. I would rather feed getrandom (or /dev/random if that’s not available) into a FIPS DRBG generator.
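The hierarchy discussed in this thread, as an added sketch (not code from the thread or from OpenSSL): a root HMAC_DRBG seeded from the kernel, with child DRBGs that seed and reseed from the root, so the number of kernel reads stays constant while output volume grows. The names `HmacDrbg` and `demo`, the reseed intervals and the 48-byte seed length are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

def _mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

class HmacDrbg:
    """HMAC_DRBG/SHA-256 update and generate steps per NIST SP 800-90A, no additional input."""
    def __init__(self, source, reseed_interval=1024):
        self.source = source  # callable(n) -> n bytes of seed material
        self.reseed_interval = reseed_interval
        self.key, self.val = b"\x00" * 32, b"\x01" * 32
        self.reseed()

    def _update(self, data=b""):
        self.key = _mac(self.key, self.val + b"\x00" + data)
        self.val = _mac(self.key, self.val)
        if data:
            self.key = _mac(self.key, self.val + b"\x01" + data)
            self.val = _mac(self.key, self.val)

    def reseed(self):
        self._update(self.source(48))  # 48 bytes: entropy plus nonce (assumed size)
        self.calls = 0

    def generate(self, n):
        if self.calls >= self.reseed_interval:
            self.reseed()  # a child pulls from its parent, the root from the kernel
        out = b""
        while len(out) < n:
            self.val = _mac(self.key, self.val)
            out += self.val
        self._update()
        self.calls += 1
        return out[:n]

def demo(children=4, requests=1000, child_interval=256):
    reads = []
    def kernel(n):  # os.urandom() uses getrandom(2) on modern Linux
        reads.append(n)
        return os.urandom(n)
    root = HmacDrbg(kernel)  # the only DRBG that reads from the kernel
    kids = [HmacDrbg(root.generate, child_interval) for _ in range(children)]
    outputs = [kid.generate(32) for _ in range(requests) for kid in kids]
    return len(reads), outputs
```

With the defaults, 4000 outputs and 12 child reseeds cost a single kernel read; the root only returns to the kernel when its own reseed interval expires.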