Remove All Software Generators

Frederick Gotham cauldwell.thomas at gmail.com
Wed Oct 30 15:55:23 UTC 2019


Dmitry Belyavsky <beldmit at gmail.com> wrote
in
news:CADqLbz+JCTu_yQiW9w-fyO0O56MquA2NRi6HELR6pggxQdHHWA at mail.gmail.com: 

> On Wed, Oct 30, 2019 at 6:39 PM Frederick Gotham
> <cauldwell.thomas at gmail.com> wrote:
> 
>> Dmitry Belyavsky <beldmit at gmail.com>
>> wrote: 
>>
>> >> You still have the OpenSSL built-in RNG.
>>
>>
>>
>> Is there a simple compiler flag to remove this?
>>
>> Or do I need to go into the source code and stick a "return -1;"
>> somewhere? 
>>
>> No. Openssl will not work if you do not provide a valid RAND_METHOD
>> except 
> a very minimal set of operations.
> 


So I have to go into the source code and do the following?

int RAND_bytes(unsigned char *buf, int num)
{
    memset(buf,0,num);
    return 1;
}

I can either make this function fail (e.g. call 'abort'), or I can always 
make it return 0.

What do you think?



More information about the openssl-users mailing list