Question related to default RAND usage and update with engine RAND

Mahendra SP mahendra.sp at
Mon Nov 30 15:02:25 UTC 2020

Hi All,

We are planning to use our own RAND implementation using an engine. What we
observe is, during OpenSSL init, default RAND gets initialized to openssl.
Then later we initialize our engine RAND. Even though we make our RAND as
default, we see that still openssl uses the initial default RAND.

Here is what could be happening. In the function RAND_get_rand_method,
default_RAND_meth gets initialized to openssl RAND.
As there is a NULL check for default_RAND_meth, default_RAND_meth never
gets updated as it is not NULL.
Even if engine RAND is registered and available for use, default_RAND_meth
never gets updated.

Given the code snippet below.
const RAND_METHOD *RAND_get_rand_method(void)
{
    const RAND_METHOD *tmp_meth = NULL;

    if (!RUN_ONCE(&rand_init, do_rand_init))
        return NULL;

    /* The engine table is consulted only while nothing is cached yet. */
    if (default_RAND_meth == NULL) {
#ifndef OPENSSL_NO_ENGINE
        ENGINE *e;

        /* If we have an engine that can do RAND, use it. */
        if ((e = ENGINE_get_default_RAND()) != NULL
                && (tmp_meth = ENGINE_get_RAND(e)) != NULL) {
            funct_ref = e;
            default_RAND_meth = tmp_meth;
        } else {
            default_RAND_meth = &rand_meth;
        }
#else
        default_RAND_meth = &rand_meth;
#endif
    }
    tmp_meth = default_RAND_meth;
    return tmp_meth;
}

Should we remove the NULL check for default_RAND_meth to fix this issue?
Or is there any other way?
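
The start-up ordering described in the message above, as an added example that is not part of the original post and is not OpenSSL code: a stand-alone C model of the cached default_RAND_meth pointer. Every identifier ending in _model is hypothetical; no OpenSSL header or library is used.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified stand-in for RAND_METHOD (hypothetical type). */
typedef struct { const char *name; } rand_method_model;

static const rand_method_model builtin_meth = { "builtin" };
static const rand_method_model engine_meth  = { "engine" };

static const rand_method_model *engine_table;   /* filled when an engine registers RAND */
static const rand_method_model *cached_default; /* plays the role of default_RAND_meth */

/* Same shape as the snippet: the engine table is read only while the cache is NULL. */
static const rand_method_model *get_rand_method_model(void)
{
    if (cached_default == NULL)
        cached_default = engine_table != NULL ? engine_table : &builtin_meth;
    return cached_default;
}

/* Registering an engine later changes the table, never the cached pointer. */
static void register_engine_model(const rand_method_model *m) { engine_table = m; }

/* Explicit override of the cached pointer; in OpenSSL this is the role of
 * RAND_set_rand_method() and RAND_set_rand_engine(). */
static void set_rand_method_model(const rand_method_model *m) { cached_default = m; }

/* Returns 1 if the engine method is the active one after the given start-up order. */
static int engine_active_after(int early_rand_use, int explicit_override)
{
    engine_table = NULL;
    cached_default = NULL;
    if (early_rand_use)
        (void)get_rand_method_model();      /* library init touches RAND first */
    register_engine_model(&engine_meth);    /* engine loaded afterwards */
    if (explicit_override)
        set_rand_method_model(&engine_meth);
    return get_rand_method_model() == &engine_meth;
}

int main(void)
{
    printf("engine first, then RAND use : %d\n", engine_active_after(0, 0));
    printf("RAND use first, then engine : %d\n", engine_active_after(1, 0));
    printf("RAND use first + override   : %d\n", engine_active_after(1, 1));
    return 0;
}
```

The pointer comparison in engine_active_after() is also the check an application can run after start-up to confirm which generator is active, rather than assuming the engine took effect.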
