
Expose RAND_poll / RAND_add to user code via crypto module.

The purpose of this patch is to allow Node applications to add additional entropy to OpenSSL's pool. This is useful in environments where a running Node process can be cloned (e.g. VM snapshotting or live migration), resulting in a chance of the cloned process sharing an entropy pool with the original process.

The new AddEntropy function works as follows:

  • If no parameters are passed, it calls RAND_poll. Performance was evaluated at about 140k ops/sec, but this will vary by OS and hardware.
  • If one parameter is passed, it is expected to be a buffer, which is passed to RAND_add. Performance was evaluated at about 1.8m ops/sec.

The AddEntropy function is bound to crypto.addEntropy().

Usage:

```js
var crypto = require('crypto');

// Add entropy from system-supplied source
crypto.addEntropy();

// Add entropy from a user-supplied source
crypto.addEntropy(new Uint8Array([38, 4, 19, 22]));
```
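The cloning problem described above, as an added example that is not part of this merge request: a toy HMAC-based pool (the hypothetical `ToyPool`, which models but is not OpenSSL's generator) emits identical bytes in the original and in a snapshot until each side mixes in data the other lacks. The seed and "fresh entropy" strings are constructed so the result is reproducible.

```javascript
// Toy model of an entropy pool (assumption: NOT OpenSSL's real generator).
// Output depends only on the current state, which is what makes a clone dangerous.
const nodeCrypto = require('crypto');

class ToyPool {
  constructor(seed) {
    this.state = nodeCrypto.createHash('sha256').update(seed).digest();
  }
  // Models RAND_add: fold caller-supplied bytes into the state.
  add(buf) {
    this.state = nodeCrypto.createHmac('sha256', this.state)
      .update('add').update(buf).digest();
  }
  // Models drawing random bytes (n <= 32): derive output, then ratchet the state.
  bytes(n) {
    const out = nodeCrypto.createHmac('sha256', this.state).update('out').digest();
    this.state = nodeCrypto.createHmac('sha256', this.state).update('next').digest();
    return out.subarray(0, n);
  }
  // Models a VM snapshot: the clone gets a byte-for-byte copy of the state.
  snapshot() {
    const copy = Object.create(ToyPool.prototype);
    copy.state = Buffer.from(this.state);
    return copy;
  }
}

function demo() {
  const original = new ToyPool(Buffer.from('constructed boot-time seed'));
  original.bytes(16); // the process has been running for a while

  // Snapshot taken, both instances resume without adding entropy.
  const clone = original.snapshot();
  const sameBefore = original.bytes(16).equals(clone.bytes(16));

  // Second snapshot, but each instance mixes in data the other does not have
  // (constructed strings here; a real caller would use an OS entropy source).
  const clone2 = original.snapshot();
  original.add(Buffer.from('instance-A: constructed fresh entropy'));
  clone2.add(Buffer.from('instance-B: constructed fresh entropy'));
  const sameAfter = original.bytes(16).equals(clone2.bytes(16));

  return { sameBefore, sameAfter };
}

console.log(demo()); // { sameBefore: true, sameAfter: false }
```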
