Re: [Question] Forcing libcurl to use hardware randomization

From: Cristian Rodríguez via curl-library <curl-library_at_lists.haxx.se>
Date: Mon, 6 Mar 2023 10:07:58 -0300

On Sun, Mar 5, 2023 at 1:33 PM Randall via curl-library
<curl-library_at_lists.haxx.se> wrote:
>
> Hi Curl,
>
> I have a curl built with OpenSSL. The build of OpenSSL uses hardware
> randomization on the platform using _rdrand64(). When I use libcurl,
> typically through git, I end up with an open to PRNGD, which is not
> desirable. I'm wondering whether there is a configuration setting that I am
> missing from curl to force this, or whether I should contribute code to
> access the x86 hardware randomizer directly. There is no /dev/urandom or
> /dev/random on this platform, aside from it being POSIX compliant. Curl is
> configured as follows:
>
> CFLAGS="-c99" CPPFLAGS="-D_XOPEN_SOURCE_EXTENDED=1 -WIEEE_float
> -I/usr/local/openssl/include" LDFLAGS="-L/usr/local/lib" ./configure
> --with-ssl=/usr/local --with-ca-path=/usr/local/ssl/certs --disable-pthreads
> --disable-threaded-resolver --enable-ipv6
>
> Thanks in advance,
> Randall
>
> --
> Brief whoami: NonStop&UNIX developer since approximately
> UNIX(421664400)
> NonStop(211288444200000000)
> -- In real life, I talk too much.

I strongly advise you against this approach. There are buggy CPUs
with buggy rdrand, and there are a number of pitfalls.
Most current operating systems have either getentropy, getrandom,
arc4random or a documented platform-specific RNG. USE THAT INSTEAD.

If there is really only rdrand (I really doubt that) on this exotic
system, google "fast key erasure rng AES-NI".

Something like https://github.com/jedisct1/aes-stream should do it.
Received on 2023-03-06