[openssl-users] RNG behavior by default

Steffen Nurpmeso steffen at sdaoden.eu
Mon Jan 7 23:26:25 UTC 2019

Steffen Nurpmeso wrote in <20190107183136.-eW61%steffen at sdaoden.eu>:
 |  ...
 ||RAND_bytes() has always documented that it can fail. Most function
 |So, to me.., i do not see any possible error condition, since the
 |initial seeding has been testified with RAND_status().
 |This is different now, and i will change the implementation as
 |soon as possible.  (This week.)

So i did, we disable the OpenSSL reseeding by directly calling
RAND_DRBG_set_reseed_defaults() after calling OPENSSL_init_ssl(),
which i hope will always be possible.
Be warned that i gave credit to both of you.

I have seen DRBG offers a lot of possibilities to control what
OpenSSL does, also regarding the fork handlers and all that.
Thanks for these possibilities, it is a terribly huge interface,
but it allows users to have control on what happens, instead of
sitting on an intransparent black box!  Getting something going on
such a thing causes grief, as it is hacky and otherwise

|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)

More information about the openssl-users mailing list