Difference between revisions of "Talk:Random Numbers"

From OpenSSLWiki
Jump to navigationJump to search
(Should we be promoting a commericla company section added)
 
(13 intermediate revisions by 4 users not shown)
Line 1: Line 1:
== void * casting hack? ==
+
==Is RAND_poll part of the public API?==
 +
 
 +
I have removed the question about whether RAND_poll is considered part of the public API. The "rand" module contains two header files: rand.h and rand_locl.h. The first becomes part of the deployment when you install OpenSSL, whilst the latter does not. This is a common theme throughout the library. Basically anything in the *_locl.h header files should be considered private to the library, whilst anything that gets deployed should be considered part of the public API. Since RAND_poll is in rand.h (which gets deployed during installation) it should be considered part of the public API.
 +
 
 +
--[[User:Matt|Matt]] 12:26, 9 March 2013 (UTC)
 +
 
 +
: I think it would be good to get a clear statement of what constitutes the public API, because I'm getting conflicting messages.  You state that anything in an installed header file is part of the public API.  However, [[Contributions#Code_Maturity]] implies that functions are not part of the API until they are documented.  Since RAND_poll is not documented, that interpretation would suggested that RAND_poll is not yet "cast in stone" and is subject to change.
 +
 
 +
: --[[User:Ppelleti|Ppelleti]] 00:03, 19 March 2013 (UTC)
 +
 
 +
:: I don't think there is a conflict between what I said above, and what it says on [[Contributions#Code_Maturity]]. That page merely says that the API might not have completely settled down which might be the reason why there isn't any documentation. It doesn't say that the API is not "public" until its been documented.
 +
 
 +
:: --[[User:Matt|Matt]] 21:05, 19 March 2013 (UTC)
 +
 
 +
::: Sidestepping the semantics of what it means to be "public", the real question I'm getting at is whether we should be encouraging people to use RAND_poll?  Or did the OpenSSL developers leave RAND_poll undocumented on purpose?
 +
 
 +
::: --[[User:Ppelleti|Ppelleti]] 20:33, 20 March 2013 (UTC)
  
The thing about casting to void* and using "%p" just to print an unsigned long in hex seemed a little odd to me.  Am I missing something as to why "0x%lx" isn't a viable option?
+
:::: Well in my personal opinion, we should not avoid undocumented functions merely because they are undocumented. If you're going to do that you might as well forget anything that involves elliptic curve keys! :-)
  
--[[User:Ppelleti|Ppelleti]] 03:00, 8 March 2013 (UTC)
+
:::: --[[User:Matt|Matt]] 20:41, 20 March 2013 (UTC)
  
==Is RAND_poll part of the public API?==
+
::::: Matt, Ppelleti - I *thought* the indicator was capital versus lowercase. <tt>RAND_poll</tt> is public, <tt>rand_poll</tt> is private and should not be used. I believe Viktor said the same some time ago on the OpenSSL Users mailing list. I can't find the reference at the moment.
  
I have removed the question about whether RAND_poll is considered part of the public API. The "rand" module contains two header files: rand.h and rand_locl.h. The first becomes part of the deployment when you install OpenSSL, whilst the latter does not. This is a common theme throughout the library. Basically anything in the *_locl.h header files should be considered private to the library, whilst anything that gets deployed should be considered part of the public API. Since RAND_poll is in rand.h (which gets deployed during installation) it should be considered part of the public API.
+
::::: I also think presence/lack of documentation is a poor indicator. There's lots of stuff that's public that does not really have a man page.
  
--[[User:Matt|Matt]] 12:26, 9 March 2013 (UTC)
+
::::: [[User:Jwalton|Jwalton]] ([[User talk:Jwalton|talk]]) 18:52, 4 June 2015 (UTC)
  
 
==Should we be promoting a commercial company?==
 
==Should we be promoting a commercial company?==
Line 16: Line 32:
  
 
--[[User:Matt|Matt]] 12:33, 9 March 2013 (UTC)
 
--[[User:Matt|Matt]] 12:33, 9 March 2013 (UTC)
 +
 +
: The intent was to provide a link to an inexpensive, high quality random source. Do you want to start a table *with* prices at the bottom of the page? Prices are important because some of this gear is expensive. $40 UK is dirt cheap for a FIPS approved generator. [[User:Jwalton|Jwalton]] 18:33, 30 March 2013 (UTC)
 +
 +
: No, I think a table would be worse. Leave it for now, we can review if it turns into a problem --[[User:Matt|Matt]] 08:28, 31 March 2013 (UTC)
 +
 +
 +
==No RAND_save_file function In Library==
 +
This page contains reference to ''RAND_save_file'' and is not consistent with the Manual:RAND load file(3) page (and there is no prototype found with `grep -d skip RAND_save_file /usr/include/openssl/*`)
 +
 +
[[User:Drankinatty|Drankinatty]] ([[User talk:Drankinatty|talk]]) 21:57, 11 July 2016 (UTC)
 +
 +
: Good catch, fixed. Its called RAND_write_file, not RAND_save_file.
 +
: [[User:Jwalton|Jwalton]] ([[User talk:Jwalton|talk]]) 22:39, 11 July 2016 (UTC)

Latest revision as of 22:40, 11 July 2016

Is RAND_poll part of the public API?[edit]

I have removed the question about whether RAND_poll is considered part of the public API. The "rand" module contains two header files: rand.h and rand_locl.h. The first becomes part of the deployment when you install OpenSSL, whilst the latter does not. This is a common theme throughout the library. Basically anything in the *_locl.h header files should be considered private to the library, whilst anything that gets deployed should be considered part of the public API. Since RAND_poll is in rand.h (which gets deployed during installation) it should be considered part of the public API.

--Matt 12:26, 9 March 2013 (UTC)

I think it would be good to get a clear statement of what constitutes the public API, because I'm getting conflicting messages. You state that anything in an installed header file is part of the public API. However, Contributions#Code_Maturity implies that functions are not part of the API until they are documented. Since RAND_poll is not documented, that interpretation would suggested that RAND_poll is not yet "cast in stone" and is subject to change.
--Ppelleti 00:03, 19 March 2013 (UTC)
I don't think there is a conflict between what I said above, and what it says on Contributions#Code_Maturity. That page merely says that the API might not have completely settled down which might be the reason why there isn't any documentation. It doesn't say that the API is not "public" until its been documented.
--Matt 21:05, 19 March 2013 (UTC)
Sidestepping the semantics of what it means to be "public", the real question I'm getting at is whether we should be encouraging people to use RAND_poll? Or did the OpenSSL developers leave RAND_poll undocumented on purpose?
--Ppelleti 20:33, 20 March 2013 (UTC)
Well in my personal opinion, we should not avoid undocumented functions merely because they are undocumented. If you're going to do that you might as well forget anything that involves elliptic curve keys! :-)
--Matt 20:41, 20 March 2013 (UTC)
Matt, Ppelleti - I *thought* the indicator was capital versus lowercase. RAND_poll is public, rand_poll is private and should not be used. I believe Viktor said the same some time ago on the OpenSSL Users mailing list. I can't find the reference at the moment.
I also think presence/lack of documentation is a poor indicator. There's lots of stuff that's public that does not really have a man page.
Jwalton (talk) 18:52, 4 June 2015 (UTC)

Should we be promoting a commercial company?[edit]

I am a little concerned about the link to entropykey. Should we be promoting a commercial company? Whilst the text reads fine at the moment it could be the "thin end of the wedge". This is a wiki after all. What's to stop other companies coming along and adding links to their products? How will we then decide which edits are ok, and which not? We don't want the page degenerating into a long list of products. Should we not have a policy of "no commerical endorsements"?

--Matt 12:33, 9 March 2013 (UTC)

The intent was to provide a link to an inexpensive, high quality random source. Do you want to start a table *with* prices at the bottom of the page? Prices are important because some of this gear is expensive. $40 UK is dirt cheap for a FIPS approved generator. Jwalton 18:33, 30 March 2013 (UTC)
No, I think a table would be worse. Leave it for now, we can review if it turns into a problem --Matt 08:28, 31 March 2013 (UTC)


No RAND_save_file function In Library[edit]

This page contains reference to RAND_save_file and is not consistent with the Manual:RAND load file(3) page (and there is no prototype found with `grep -d skip RAND_save_file /usr/include/openssl/*`)

Drankinatty (talk) 21:57, 11 July 2016 (UTC)

Good catch, fixed. Its called RAND_write_file, not RAND_save_file.
Jwalton (talk) 22:39, 11 July 2016 (UTC)