[openssl-users] RNG behavior by default

Steffen Nurpmeso steffen at sdaoden.eu
Sat Jan 5 19:41:31 UTC 2019


Dr. Matthias St. Pierre wrote in <b89b48fce6b54eadaba632402d789ee9 at Ex13.\
ncp.local>:
 |I agree with Kurt, except for one point:
 |
 |> The RAND_bytes and RAND_status manpages can clearly be improved.
 |
 |Both manpages got an update during the DRBG rewrite (by me) and I don't
 |see any contradiction. You bring it to the point yourself:

I had a superficial look yesterday, but i think i have to reread
them in total, anyway.

 |> So _IF_ it is seeded it is seeded...
 |
 |It is true that the DRBG will automatically seed, but it is equally true
 |that it can still end up in an unseeded (error) state, if no suitable \
 |entropy
 |source is available. And since this can also happen during reseeding (which
 |in particular is enforced after a fork), it is always necessary to \
 |check the return
 |value of the RAND_bytes() function. Because in the error state, the \
 |buffer is not
 |filled at all.

That is really bad.  Of course you had to do it like this, and you
surely have looked around to see what servers and other software
which use OpenSSL do with the PRNG after forking (i.e., whether
they reiterate the [RAND_file_name(),] RAND_load_file(),
[:[RAND_add(),] RAND_status()], [RAND_write_file()] dance as
documented, or not).

I think i will move away from RAND_ then, nonetheless, and at
least for the things i have control of.
But i will definitely reread the manual now.

Thanks for your answer.
Ciao and a nice weekend from Germany,

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)


More information about the openssl-users mailing list