$GETTIM and $GETTIM_PREC on modern systems


Topic author
mgdaniel
Valued Contributor
Posts: 62
Joined: Mon Feb 28, 2022 5:16 pm
Reputation: 0
Location: Adelaide, South Australia
Status: Offline
Contact:

$GETTIM and $GETTIM_PREC on modern systems

Post by mgdaniel » Thu Jul 07, 2022 2:35 pm

A question has arisen in the OpenSSL development community regarding the relative "entropy" offered by using $GETTIM and $GETTIM_PREC resolutions. This is in the context of the number of bits of resolution offered per tick of particular systems. Use of $GETTIM_PREC adds a dependency to OpenSSL when built on VMS V8.4 which precludes execution on V8.3 and less. If there is no significant gain in "bits per tick" under $GETTIM_PREC then why bother using it.

While it is imagined Alpha boxen are pretty-much passe, and only the very latest Itanium system might support higher tick rates, what is the situation with X86, and in particular hypervisors. Any *real* advantage to $GETTIM_PREC (in an "entropy generation" context)?

While a work-around has been put in place for executing OpenSSL build on V8.4 under earlier versions, it would simplify the code if $GETTIME_PREC could be eliminated completely in favour of $GETTIM and no real loss of precision bits.


Topic author
mgdaniel
Valued Contributor
Posts: 62
Joined: Mon Feb 28, 2022 5:16 pm
Reputation: 0
Location: Adelaide, South Australia
Status: Offline
Contact:

Re: $GETTIM and $GETTIM_PREC on modern systems

Post by mgdaniel » Fri Jul 08, 2022 5:57 pm

But there you go Richard. No (current) effective difference in the result between the two calls and the SP 800-90A section 4 mechanism available. Get coding and eliminate this V8.4 dependency! Thanks for your (plural) interests.


levitte
Member
Posts: 5
Joined: Fri Jul 08, 2022 2:05 am
Reputation: 0
Status: Offline

Re: $GETTIM and $GETTIM_PREC on modern systems

Post by levitte » Tue Oct 25, 2022 3:44 pm

Jeez, it's been a bit since I looked at this.

Anyway, I've worked on this item today, and went for using $GETTIM only, but to add a sequence number to be safe (and [ahem] doing it properly ;) )

For anyone who's interested, look at https://github.com/openssl/openssl/pull/18730 (for OpenSSL 1.1.1) and https://github.com/openssl/openssl/pull/18731 (for OpenSSL 3.0 and newer).

Post Reply