On 19 Feb 2016, at 20:54, Ruben Undheim <ruben.undheim(a)gmail.com> wrote:
> 1.) You link against libgnutls-openssl-dev which provides a wrapper for RAND_bytes.
> 2.) We move to GNUtls (or gcrypt?) to call the function that RAND_bytes is wrapped around (after reading the documentation)
> 3.) We use GNU nettle and their yarrow-256 implementation (assuming that is a smart move)?
> Thanks.
I did #1. Here's the patch:
I explored the 2nd option: gnutls calls gcrypt, so I looked at gcry_randomize [1]. In comparison to
the OpenSSL RAND_bytes documentation I feel a lot is missing. RAND_bytes will fail if the
RNG is not seeded; I don't see anything like this in the gcry_randomize documentation. Do
I really need to call gcry_check_version or is it okay to not call it?
I will not do it this weekend, but please ping me if there is no progress in the weeks to
come. I think we roughly need to do:
* Call gcry_check_version in the main routine of apps using it
* Switch to use gcry_randomize
holger
[1]