Remove All Software Generators
cauldwell.thomas at gmail.com
Wed Oct 30 15:19:43 UTC 2019
Dmitry Belyavsky <beldmit at gmail.com> wrote
> Yes, or any custom.
> But the engine must provide the RAND_METHOD and set it as default.
But if my TPM2 engine fails to load, then OpenSSL will just use the
So my defense against this is to rebuild OpenSSL with the flag
After I rebuild OpenSSL, I can then remove my TPM2 engine so that there's
no engine at all.
I tried running OpenSSL at my command line just now, and here's what I got:
(dynamic) Dynamic engine loading support
OpenSSL> rand -hex 10
Where is it getting that random data from??? There's no engine and
yet it can still get a random number! I even tried deleting /dev/random and
/dev/urandom, but it somehow is still getting random data from somewhere!
More information about the openssl-users