Remove All Software Generators

Frederick Gotham cauldwell.thomas at
Wed Oct 30 16:14:42 UTC 2019

Dmitry Belyavsky <beldmit at> wrote:

> You should do in your engine the following:

Just so you know, I'm not a developer of the TPM2 engine for OpenSSL.

Of course though I can still go in and edit the code here and there.

> Implement the TPM-provided RAND_METHOD in the engine
> call ENGINE_set_RAND for RAND method in the engine bind function
> and write a config file similar to
> <snip config file>

Even if I do all that, there is still the possibility that OpenSSL might 
use its built-in generator (for example if my library fails to load).

So it seems I must get the built-in generator to either:
1) Always return 0
2) Call 'abort'
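
The fail-closed behaviour discussed in this message, as an added example that is not part of the original post and not code from the TPM2 engine or OpenSSL: a hardware-only RAND method that returns failure instead of falling back, plus a startup guard on the active method. `rand_method_model` is a local stand-in mirroring the member layout of OpenSSL 1.1.1's `RAND_METHOD`; `hw_read_fn`, `hw_rand_set_source`, `rand_is_hardware_only` and the two sample sources are hypothetical names constructed for the illustration.

```c
#include <string.h>

/* Local stand-in with the member layout of OpenSSL 1.1.1's RAND_METHOD,
 * declared here so the example builds without OpenSSL headers. */
typedef struct {
    int  (*seed)(const void *buf, int num);
    int  (*bytes)(unsigned char *buf, int num);
    void (*cleanup)(void);
    int  (*add)(const void *buf, int num, double randomness);
    int  (*pseudorand)(unsigned char *buf, int num);
    int  (*status)(void);
} rand_method_model;

/* Hypothetical hardware read: bytes written (may be short), <= 0 on error. */
typedef int (*hw_read_fn)(unsigned char *out, int max);
static hw_read_fn hw_read;                       /* NULL until the engine binds */
void hw_rand_set_source(hw_read_fn fn) { hw_read = fn; }

/* Fill buf from hardware only. Returns 1 on success, 0 on any failure. */
static int hw_bytes(unsigned char *buf, int num)
{
    int got = 0;
    if (buf == NULL || num < 0) return 0;
    while (got < num) {
        int n = hw_read ? hw_read(buf + got, num - got) : -1;
        if (n <= 0 || n > num - got) {
            memset(buf, 0, (size_t)num);         /* hand back no partial output */
            return 0;                            /* fail closed, no fallback */
        }
        got += n;
    }
    return 1;
}
static int hw_status(void) { return hw_read != NULL; }
static int hw_seed(const void *b, int n) { (void)b; (void)n; return 1; }
static int hw_add(const void *b, int n, double r) { (void)b; (void)n; (void)r; return 1; }
const rand_method_model hw_rand_method = { hw_seed, hw_bytes, NULL, hw_add, hw_bytes, hw_status };

/* Startup guard: 1 only when the active method is the hardware one and ready.
 * With real OpenSSL the pointer to test would come from RAND_get_rand_method(). */
int rand_is_hardware_only(const rand_method_model *active)
{
    return active == &hw_rand_method && active->status() == 1;
}
/* Constructed sample sources: one gives short reads, one fails on its second call. */
int sample_short(unsigned char *o, int max) { int n = max < 3 ? max : 3; memset(o, 0xA5, (size_t)n); return n; }
int sample_fail(unsigned char *o, int max) { static int calls; (void)max; o[0] = 0xA5; return calls++ ? -1 : 1; }

int main(void) {                                 /* exit 0: guard passed and fill succeeded */
    unsigned char b[8];
    hw_rand_set_source(sample_short);
    return !(rand_is_hardware_only(&hw_rand_method) && hw_rand_method.bytes(b, 8));
}
```

A caller that treats a 0 return from the guard as fatal at startup never reaches code that would draw from a different generator.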
