Re: [Question] Forcing libcurl to use hardware randomization
From: Henrik Holst via curl-library <curl-library_at_lists.haxx.se>
Date: Mon, 6 Mar 2023 23:42:28 +0100
Looking at https://wiki.openssl.org/index.php/Random_Numbers I see the
following:
To ensure RAND_bytes
<https://wiki.openssl.org/index.php?title=Manual:RAND_bytes(3)&action=edit&redlink=1>
uses the hardware engine, you must perform three steps:
- load the rdrand engine
- acquire a handle to the engine
- set the default RAND_method to the engine
So it looks like OpenSSL does sw rng by default and then you have to use
their engine API to set up support for any hw rng.
/HH
On Mon, 6 Mar 2023 at 23:30, Daniel Stenberg via curl-library <
curl-library_at_lists.haxx.se> wrote:
> On Mon, 6 Mar 2023, rsbecker_at_nexbridge.com wrote:
>
> > So if OpenSSL RAND_bytes() goes to the HRNG by default, will curl?
>
> curl calls OpenSSL's RAND_bytes(), yes.
>
> I don't know how that works or what exact mechanism it will use beyond what
> they document. Their man page does not mention hardware support:
>
> https://www.openssl.org/docs/man3.0/man3/RAND_bytes.html
>
> --
>
> / daniel.haxx.se
> | Commercial curl support up to 24x7 is available!
> | Private help, bug fixes, support, ports, new features
> | https://curl.se/support.html
> --
> Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
> Etiquette: https://curl.se/mail/etiquette.html
>
Received on 2023-03-06