Remove All Software Generators

Frederick Gotham cauldwell.thomas at gmail.com
Wed Oct 30 16:14:42 UTC 2019


Dmitry Belyavsky <beldmit at gmail.com> wrote:

> You should do in your engine the following:


Just so you know, I'm not a developer of the TPM2 engine for OpenSSL.

Of course, though, I can still go in and edit the code here and there.


> Implement the TPM-provided RAND_METHOD in the engine
> call ENGINE_set_RAND for RAND method in the engine bind function
> 
> and write a config file similar to
> <snip config file>


Even if I do all that, there is still the possibility that OpenSSL might 
use its built-in generator (for example if my library fails to load).

So it seems I must get the built-in generator to either:
1) Always return 0
2) Call 'abort'






