RE: [Question] Forcing libcurl to use hardware randomization
From: Randall via curl-library <curl-library_at_lists.haxx.se>
Date: Sun, 5 Mar 2023 16:30:36 -0500
On Sunday, March 5, 2023 4:21 PM, Daniel Stenberg wrote:
>On Sun, 5 Mar 2023, Randall via curl-library wrote:
>> I have a curl built with OpenSSL. The build of OpenSSL uses hardware
>> randomization on the platform using _rdrand64(). When I use libcurl,
>> typically through git, I end up with an open to PRNGD, which is not
>> desirable. I'm wondering whether there is a configuration setting that
>> I am missing from curl to force this, or whether I should contribute
>> code to access the x86 hardware randomizer directly. There is no
>> /dev/urandom or /dev/random on this platform, aside from it being
>> POSIX compliant. Curl is configured as follows:
>
>When built to use OpenSSL, curl will call OpenSSL's RAND_bytes() function for
>random. If you can make that use your hardware or not is probably a question for
>OpenSSL. I don't know.
I've been working with the OpenSSL team to debug. Going direct to RAND_bytes
through the openssl program always gets to the hardware RNG. It is only
when we go through git, via libcurl, that some component is going to PRNGD.
I'm trying to track down the circumstances.
--Randall
--
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
Received on 2023-03-05