<div dir="ltr"><div dir="ltr">Hi All,<br><div><br></div><div>We are planning to use our own RAND implementation using an engine. What we observe is that, during OpenSSL init, the default RAND gets initialized to the OpenSSL RAND.</div><div>Then, later, we initialize our engine RAND. Even though we make our RAND the default, we see that OpenSSL still uses the initial default RAND.</div><div><br></div><div>Here is what could be happening. In the function RAND_get_rand_method,
default_RAND_meth gets initialized to the OpenSSL RAND.</div><div>As there is a NULL check for default_RAND_meth, default_RAND_meth never gets updated, as it is not NULL.</div><div>Even if the engine RAND is registered and available for use,
default_RAND_meth never gets updated.</div><div><br></div><div>Given the code snippet below.</div><div><pre>const RAND_METHOD *RAND_get_rand_method(void)
{
    const RAND_METHOD *tmp_meth = NULL;

    if (!RUN_ONCE(&amp;rand_init, do_rand_init))
        return NULL;

    CRYPTO_THREAD_write_lock(rand_meth_lock);
    if (default_RAND_meth == NULL) {
#ifndef OPENSSL_NO_ENGINE
        ENGINE *e;

        /* If we have an engine that can do RAND, use it. */
        if ((e = ENGINE_get_default_RAND()) != NULL
                &amp;&amp; (tmp_meth = ENGINE_get_RAND(e)) != NULL) {
            funct_ref = e;
            default_RAND_meth = tmp_meth;
        } else {
            ENGINE_finish(e);
            default_RAND_meth = &amp;rand_meth;
        }
#else
        default_RAND_meth = &amp;rand_meth;
#endif
    }
    tmp_meth = default_RAND_meth;
    CRYPTO_THREAD_unlock(rand_meth_lock);
    return tmp_meth;
}
</pre></div><div><br></div><div>Should we remove the NULL check for
default_RAND_meth to fix this issue? Or is there any other way?</div><div><br></div><div>Thanks</div><div>Mahendra</div><div><br></div></div></div>
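The caching behaviour described in the message above, reduced to a self-contained model; this is an added example, not OpenSSL source and not code from the original post. Every `model_*` name is hypothetical, and the explicit setter stands in for an override call in the manner of OpenSSL's `RAND_set_rand_method()`.

```c
/* Added model, not OpenSSL source: every model_* name is hypothetical. */
#include <stdio.h>
#include <string.h>

typedef struct { const char *name; } model_rand_method;

static const model_rand_method builtin_meth = { "builtin" };
static const model_rand_method engine_meth = { "engine" };

static const model_rand_method *engine_default = NULL; /* engine table entry */
static const model_rand_method *cached_default = NULL; /* plays default_RAND_meth */

/* Models an engine being registered as the default RAND provider. */
static void model_register_engine_rand(const model_rand_method *m) { engine_default = m; }

/* Models the quoted getter: the engine table is read only while the cache is NULL. */
static const model_rand_method *model_get_rand_method(void)
{
    if (cached_default == NULL)
        cached_default = (engine_default != NULL) ? engine_default : &builtin_meth;
    return cached_default;
}

/* Models an explicit setter that overwrites the cached pointer. */
static void model_set_rand_method(const model_rand_method *m) { cached_default = m; }

/* Replays one start-up order and returns the name of the method then in use. */
const char *model_active_after(int engine_first, int use_setter)
{
    cached_default = NULL;
    engine_default = NULL;
    if (engine_first)
        model_register_engine_rand(&engine_meth);
    (void)model_get_rand_method();              /* library init caches a default */
    if (!engine_first)
        model_register_engine_rand(&engine_meth);
    if (use_setter)
        model_set_rand_method(&engine_meth);
    return model_get_rand_method()->name;
}

int main(void)
{
    printf("engine registered late:  %s\n", model_active_after(0, 0));
    printf("late, then explicit set: %s\n", model_active_after(0, 1));
    printf("engine registered first: %s\n", model_active_after(1, 0));
    return 0;
}
```

In the model, a late registration alone leaves the built-in method in use, so an application that relies on its engine's generator can compare the active method pointer against the engine's after start-up rather than assume the switch happened.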