RDRAND and engine (was: how to generate EC public key from EC private key)

Thank you - employing the pointers (no pun intended :) that you gave, the
code now is doing exactly what's needed, and utilizes RDRAND (as required
by the specs I have, and my personal preferences as well).

>	set the default RAND_method to the engine


This is what I did not do originally - fixed now.

P.S. I wonder if there's a way for the application (that did NOT set the
environment by itself - think a function or a module called by somebody
else) to verify that, e.g., RAND_METHOD is what it wants (say, RDRAND in
my case), rather than what it is NOT (e.g., not RAND_SSLeay()).
-- 
Regards,
Uri Blumenthal





On 3/22/16, 20:11 , "openssl-users on behalf of Jeffrey Walton"
<openssl-users-bounces at openssl.org on behalf of noloader at gmail.com> wrote:

>On Tue, Mar 22, 2016 at 6:54 PM, Jeffrey Walton <noloader at gmail.com>
>wrote:
>>> Now one small question: how do I ensure that RAND_engine (and
>>>therefore Intel RDRAND output) is being used for the key generation in
>>>    EVP_PKEY_keygen(ctx, &newkey);
>>>
>>> Is just loading RAND_engine enough for that?
>>>
>>
>> To verify it, I think you need to inspect the default RAND method. It's
>> going to look something like:
>>
>>   const RAND_METHOD* rm = RAND_get_rand_method();
>>   if(rm == RAND_SSLeay())
>>   {
>>       printf("Using default generator\n");
>>   }
>>
>> Also see https://wiki.openssl.org/index.php/Random_Numbers#Generators.
>> RDRAND is discussed there, too. But I don't recall how much detail is
>> provided.
>
>Ah, it's right there. I should have checked earlier
>(http://wiki.openssl.org/index.php/Random_Numbers#Hardware):
>
>To ensure RAND_bytes uses the [RDRAND] hardware engine, you must
>perform three steps:
>
>   * load the rdrand engine
>   * acquire a handle to the engine
>   * set the default RAND_method to the engine
>
>It also provides the sample code.
>
>Jeff
>-- 
>openssl-users mailing list
>To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users