
Re: [Question] Forcing libcurl to use hardware randomization

From: Henrik Holst via curl-library <curl-library_at_lists.haxx.se>
Date: Mon, 6 Mar 2023 23:42:28 +0100

Looking at https://wiki.openssl.org/index.php/Random_Numbers I see the
following:

To ensure RAND_bytes uses the hardware engine, you must perform three steps:

   - load the rdrand engine
   - acquire a handle to the engine
   - set the default RAND_method to the engine

So it looks like OpenSSL does sw rng by default and then you have to use
their engine API to set up support for any hw rng.

/HH

On Mon, 6 Mar 2023 at 23:30, Daniel Stenberg via curl-library <
curl-library_at_lists.haxx.se> wrote:

> On Mon, 6 Mar 2023, rsbecker_at_nexbridge.com wrote:
>
> > So if OpenSSL RAND_bytes() goes to the HRNG by default, will curl?
>
> curl calls OpenSSL's RAND_bytes(), yes.
>
> I don't know how that works or what exact mechanism it will use beyond what
> they document. Their man page does not mention hardware support:
>
> https://www.openssl.org/docs/man3.0/man3/RAND_bytes.html
>
> --
>
> / daniel.haxx.se
> --
> Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
> Etiquette: https://curl.se/mail/etiquette.html
>


Received on 2023-03-06