Re: [openssl-users] RNG behavior by default

Steffen Nurpmeso wrote in <20190107183136.-ew61%stef...@sdaoden.eu>: ... | ... ||RAND_bytes() has always documented that it can fail. Most function ... |So, to me.., i do not see any possible error condition, since the |initial seeding has been testified with RAND_status(). | |This is dif

Re: [openssl-users] RNG behavior by default

Jakob Bohm via openssl-users wrote in <07f4dea3-1a62-0c8c-76a4-cbe56abc8\ 7...@wisemo.com>: |On 07/01/2019 22:31, Steffen Nurpmeso wrote: |> Good evening. |> |> Jakob Bohm via openssl-users wrote in <95bceb59-b299-015a-f9c2-e2487a699\ |> 8...@wisemo.com>: |>|Small corrections below: |>| ...

Re: [openssl-users] RNG behavior by default

On 07/01/2019 22:31, Steffen Nurpmeso wrote: > Good evening. > > Jakob Bohm via openssl-users wrote in <95bceb59-b299-015a-f9c2-e2487a699\ > 8...@wisemo.com>: > |Small corrections below: > | ... Note that I do not represent the project at all, I am just another user trying to help you. As s

Re: [openssl-users] RNG behavior by default

Good evening. Jakob Bohm via openssl-users wrote in <95bceb59-b299-015a-f9c2-e2487a699\ 8...@wisemo.com>: |Small corrections below: | |On 07/01/2019 19:31, Steffen Nurpmeso wrote: | ||... |||RAND_load_file() and all this stuff. Just make sure the os entropy \ |||sources |||are available an

Re: [openssl-users] RNG behavior by default

Small corrections below: On 07/01/2019 19:31, Steffen Nurpmeso wrote: ... |> That is really bad. Of course you had to do it like this, and you |> surely have looked around to see what servers and other software |> which use OpenSSL do with the PRNG afte

Re: [openssl-users] RNG behavior by default

A wonderful Monday in the beautiful Winter time i wish. I am sorry for the late reply again, i got a bug report for the mailer i maintain, and from a long time user. I hope it is ok that i compress the answers in one message, i am talking much too much... Kurt Roeckx wrote in <20190105221506.ga18

Re: [openssl-users] RNG behavior by default

> |Both manpages got an update during the DRBG rewrite (by me) and I don't > |see any contradiction. You bring it to the point yourself: > > I had a superficial look yesterday, but i think i have to reread > them in total, anyway. Yes, please start with RAND(7) and RAND_DRBG(7). > That is real

Re: [openssl-users] RNG behavior by default

On Sat, Jan 05, 2019 at 08:33:18PM +0100, Steffen Nurpmeso wrote: > > (I am also really interested and will look into OpenSSL to see if > the abort() that seems to happen if the initial seed fails is in > a linker-resolved constructor, and if not, why later failures do > not also abort. We do not

Re: [openssl-users] RNG behavior by default

Dr. Matthias St. Pierre wrote in : |I agree with Kurt, except for one point: | |> The RAND_bytes and RAND_status manpages can clearly be improved. | |Both manpages got an update during the DRBG rewrite (by me) and I don't |see any contradiction. You bring it to the point yourself: I had a su

Re: [openssl-users] RNG behavior by default

Good evening. Please excuse the late reply. Kurt Roeckx wrote in <20190104180735.ga25...@roeckx.be>: |On Fri, Jan 04, 2019 at 02:48:48PM +0100, Steffen Nurpmeso wrote: |> Dr. Matthias St. Pierre wrote in <450169f8ca7c43d1841c4c8052e78c72@Ex13.\ |> ncp.local>: ... |>|2. If something goes wron

Re: [openssl-users] RNG behavior by default

On Sat, Jan 05, 2019 at 08:45:37AM +1000, Dr Paul Dale wrote: > I’m not sure about the quality of Android’s sources, but would expect them to > be decent. Android is just a Linux kernel. It always had /dev/urandom. Oreo (8.0) requires at least Linux kernel 4.4. There were no requirements for the

Re: [openssl-users] RNG behavior by default

I agree with Kurt, except for one point: > The RAND_bytes and RAND_status manpages can clearly be improved. Both manpages got an update during the DRBG rewrite (by me) and I don't see any contradiction. You bring it to the point yourself: > So _IF_ it is seeded it is seeded... It is true that

Re: [openssl-users] RNG behavior by default

I know that iOS (which was listed) has a good randomness source (SecRandomCopyBytes ) but I don’t think OpenSSL uses it yet. I’m not sure about the quality of Android’s sources, but would expect them to be decent.

Re: [openssl-users] RNG behavior by default

On Fri, Jan 04, 2019 at 02:48:48PM +0100, Steffen Nurpmeso wrote: > Dr. Matthias St. Pierre wrote in <450169f8ca7c43d1841c4c8052e78c72@Ex13.\ > ncp.local>: > |> So my concerns are: > |> 1. Whether I really can count on getting a high-entropy PRNG across \ > |> these various platforms, without an

Re: [openssl-users] RNG behavior by default

Dr. Matthias St. Pierre wrote in <450169f8ca7c43d1841c4c8052e78c72@Ex13.\ ncp.local>: |> So my concerns are: |> 1. Whether I really can count on getting a high-entropy PRNG across \ |> these various platforms, without any explicit initialization. | |Yes, for the mentioned platforms, the defaul

Re: [openssl-users] RNG behavior by default

> So my concerns are: > 1. Whether I really can count on getting a high-entropy PRNG across these > various platforms, without any explicit initialization. Yes, for the mentioned platforms, the default configuration is `--with-rand-seed=os`, which means the DRBG automatically seeds and reseeds u

Re: [openssl-users] RNG behavior by default

On Thu, Jan 03, 2019 at 11:03:01AM -0500, Mike Blaguszewski wrote: > I am using the EVP API (version 1.1.1) for performing public key and > symmetric key operations across a variety of platforms (macOS, Windows, > Linux, iOS and Android). I am currently not doing anything to explicitly seed > Op

[openssl-users] RNG behavior by default

I am using the EVP API (version 1.1.1) for performing public key and symmetric key operations across a variety of platforms (macOS, Windows, Linux, iOS and Android). I am currently not doing anything to explicitly seed OpenSSL’s random number generator. My understanding is that the default behav