Dr Paul Dale
pauli at openssl.org
Fri Apr 2 06:51:28 UTC 2021
There isn't an easy a way to do what you want in 1.1.1.
RAND_set_rand_method replaces the RNG for all of OpenSSL. In theory
your RAND_METHOD could detect which thread it is running in and do
different things for each. I'm not sure this is a good idea however.
Why aren't the random number from your first thread good enough for the
second? Good random numbers are just that - random. It should be
impossible to distinguish the two streams.
In OpenSSL 3.0 there are ways to achieve what you're wanting.
On 2/4/21 4:24 pm, Vishwanath Mahajanshetty wrote:
> I have some doubts/questions on how to use methods (for ex:
> RAND_set_rand_method) in multi threaded application which use OpenSSL.
> In my application (running on OpenSSL 1.1.1d) there are two threads
> which use OpenSSL, both threads perform very different operations. The
> issue I am facing is as below:
> Thread T1 calls RAND_set_rand_method() and sets RAND_METHOD structure.
> This is very specific to T1s use case. When thread T2 wants to create
> SSL_CTX it calls SSL_CTX_new() which then calls RAND_priv_bytes(). I
> am observing that the function RAND_priv_bytes() is calling the
> function set by T1 by RAND_METHOD in RAND_set_rand_method().
> Essentially RAND_METHOD function set by thread T1 are getting called
> by thread T2.
> *Q1: I want to know is there any way to avoid this problem? I want
> thread T2 to call default RAND methods and avoid calling methods set
> by thread T1. This is not only for RAND methods, but for any other
> Q2: Also, is it possible to run OpenSSL as separate instance per
> thread (where each thread can do its own OpenSSL initialization) so
> that they can avoid above mentioned problem?
> Thank you,
> Vishwanath M
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users