New RNG in Libgcrypt

Werner Koch wk at
Mon Dec 3 20:58:22 CET 2012


I just pushed a change for 1.6 which allows to select a different RNG
type.  Here is the commit message:

    random: Add a RNG selection interface and system RNG wrapper.
    * random/random-system.c: New.
    * random/ (librandom_la_SOURCES): Add new module.
    * random/random.c (struct rng_types): New.
    (_gcry_set_preferred_rng_type, _gcry_get_rng_type): New.
    (_gcry_random_initialize, gcry_random_add_bytes, do_randomize)
    (_gcry_set_random_seed_file, _gcry_update_random_seed_file)
    (_gcry_fast_random_poll): Dispatch to the actual RNG.
    (gcry_rng_types): New.
    * src/global.c (print_config): Print the TNG type.
    (global_init, _gcry_vcontrol): Implement the new control codes.
    * doc/gcrypt.texi (Controlling the library): Document the new control
    * tests/benchmark.c (main): Add options to test the RNG types.
    * tests/random.c (main): Add new options.
    (print_hex): Print to stderr.
    (progress_cb, rng_type): New.
    (check_rng_type_switching, check_early_rng_type_switching): New.
    (run_all_rng_tests): New.
    The purpose of this change is to allow applications with moderate
    random requirements to use the system's RNG (e.g. /dev/urandom).  The
    type switching logic makes sure that existing applications won't be
    affected by this change.  A library is in almost all cases not able to
    degrade the quality of the RNG.  The definition of "degrade" comes
    from our own assertion of the quality/trustworthiness of the RNGs:
    The most trustworthy RNG is the CSPRNG which dates back to the early
    GnuPG days.  It is quite conservative and often requires more seeding
    than might be justified.  GCRY_RNG_TYPE_STANDARD is the default unless
    the process is in FIPS mode.
    The second trustworthy RNG is the FIPS recommended X9.81 AES based
    implementation.  It is seeded by the system's RNG.  GCRY_RNG_TYPE_FIPS
    is the only available RNG if running in FIPS mode.
    The third trustworthy RNG is a mere wrapper around the system's native
    RNG.  Thus there is no extra step on top of what, for example,
    /dev/random provides.  GCRY_RNG_TYPE_SYSTEM may be used by
    applications which would use /dev/random or /dev/urandom instead.

Any comments or questions?



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gcrypt-devel mailing list