Remove All Software Generators
Frederick Gotham
cauldwell.thomas at gmail.com
Wed Oct 30 15:55:23 UTC 2019
Dmitry Belyavsky <beldmit at gmail.com> wrote
in
news:CADqLbz+JCTu_yQiW9w-fyO0O56MquA2NRi6HELR6pggxQdHHWA at mail.gmail.com:
> On Wed, Oct 30, 2019 at 6:39 PM Frederick Gotham
> <cauldwell.thomas at gmail.com> wrote:
>
>> Dmitry Belyavsky <beldmit at gmail.com>
>> wrote:
>>
>> >> You still have the OpenSSL built-in RNG.
>>
>>
>>
>> Is there a simple compiler flag to remove this?
>>
>> Or do I need to go into the source code and stick a "return -1;"
>> somewhere?
>>
>> No. Openssl will not work if you do not provide a valid RAND_METHOD
>> except
> a very minimal set of operations.
>
So I have to go into the source code and do the following?
int RAND_bytes(unsigned char *buf, int num)
{
memset(buf,0,num);
return 1;
}
I can either make this function fail (e.g. call 'abort'), or I can always
make it return 0.
What do you think?
More information about the openssl-users
mailing list