[openssl-users] conversion of RAND_bytes to rand in fips apporved way

Viktor Dukhovni openssl-users at dukhovni.org
Wed Jul 25 18:26:21 UTC 2018

On Wed, Jul 25, 2018 at 11:42:34PM +0530, Sudarshan Soma wrote:

> Now few applications are using libc rand function. For FIPS compliance,
> applications have to call approved SP 800-90A DRBG implementation.

If you're using libc's rand() for non-cryptographic purposes, you
can surely continue to do that.

> I was planning to replace libc rand with RAND_bytes for the same.
> But rand() returns max value of 32767.  Is there a recomended way to
> convert RAND_bytes to libc rand() something like this?

Since 16-bit random numbers do not provide any meaningful security,
it makes little sense to use a CSPRNG in a context where 16-bit
random values are sufficient.

> Please suggest. Is there a way to give number of bits instead of bytes  to
> RAND_bytes?

This is probably the wrong question.


More information about the openssl-users mailing list