Remove All Software Generators
cauldwell.thomas at gmail.com
Wed Oct 30 16:14:42 UTC 2019
Dmitry Belyavsky <beldmit at gmail.com> wrote:
> You should do in your engine the following:
Just so you know, I'm not a developer of the TPM2 engine for OpenSSL.
Of course though I can still go in and edit the code here and there.
> Implement the TPM-provided RAND_METHOD in the engine
> call ENGINE_set_RAND for RAND method in the engine bind function
> and write a config file similar to
> <snip config file>
Even if I do all that, there is still the possibility that OpenSSL might
use its built-in generator (for example if my library fails to load).
So it seems I must get the built-in generator to either:
1) Always return 0
2) Call 'abort'