Dimitri John Ledkov
> `RAND_set_DRBG_type()` (or the configuration equivalent), could be used to set the RNG source and the chaining/primary ignore. I.e. don't use a DRBG at all. I'm reading documentation for set_DRBG_type...
> It is possible to set seed-src as the DRBG RNG and it will be used (& the parent chains ignored). > Can you explain how? because seed-src currently affects...
> This is meant to work, using SEED-SRC for all three "DRBGs": > > ``` > config_diagnostics = 1 > openssl_conf = openssl_init > > [openssl_init] > random = random...
> Is #25220 a workable alternative? > I was redoing tests to do stuff closer to your suggestion above with effectively returning primary whenever public/private is requested. I should push...
> I've got another idea too. Have a configuration option that parents the public and private DRBGs from the seed source not the primary. That might be an overall cleaner...
In this PR for both public and private I do this:

```c
rand = rand_new_drbg(ctx, dgbl->chain ? primary : dgbl->seed, SECONDARY_RESEED_INTERVAL, SECONDARY_RESEED_TIME_INTERVAL, 0);
```

Where the dgbl->chain setting comes through configuration,...
> My hunch is that you need to instantiate the seed source manually. A NULL parent is acceptable for a DRBG after all. I'll circle back tomorrow if I get...
> This is the gist of what I proposed yesterday: > > ```diff > diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c > index e692fe7534..772604216b 100644 > --- a/crypto/rand/rand_lib.c > +++ b/crypto/rand/rand_lib.c > @@...
> This is the gist of what I proposed yesterday: Proposing similar to that (which is now merged in https://github.com/openssl/openssl/pull/25415) for the default provider in 3.5 as well; such that...
> I discovered it testing [mountpoint-s3](https://github.com/awslabs/mountpoint-s3) and get that it's generally not advisable to write to storage locations like these. melange does a lot of in-place changes, and any network i/o...