[openssl-users] RNG behavior by default
Steffen Nurpmeso
steffen at sdaoden.eu
Mon Jan 7 23:26:25 UTC 2019
Steffen Nurpmeso wrote in <20190107183136.-eW61%steffen at sdaoden.eu>:
...
| ...
||RAND_bytes() has always documented that it can fail. Most function
...
|So, to me.., i do not see any possible error condition, since the
|initial seeding has been testified with RAND_status().
|
|This is different now, and i will change the implementation as
|soon as possible. (This week.)

So i did, we disable the OpenSSL reseeding by directly calling
RAND_DRBG_set_reseed_defaults() after calling OPENSSL_init_ssl(),
which i hope will always be possible.

Be warned that i gave credit to both of you.

I have seen DRBG offers a lot of possibilities to control what
OpenSSL does, also regarding the fork handlers and all that.
Thanks for these possibilities, it is a terribly huge interface,
but it allows users to have control on what happens, instead of
sitting on an intransparent black box! Getting something going on
such a thing causes grief, as it is hacky and otherwise
troublesome!

--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)