<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Have you tried RAND_set_rand_method()?<div class=""><br class=""></div><div class="">This should replace the RNG with yours.</div><div class=""><br class=""></div><div class="">In 3.0, there will be a different scheme and an engine isn’t the ideal way to go.</div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">Pauli<br class=""><div class="">
<div dir="auto" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">-- <br class="">Dr Paul Dale | Distinguished Architect | Cryptographic Foundations <br class="">Phone +61 7 3031 7217<br class="">Oracle Australia</div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><br class=""></div><br class="Apple-interchange-newline"></div><br class="Apple-interchange-newline">
</div>
<div><br class=""><blockquote type="cite" class=""><div class="">On 1 Dec 2020, at 1:02 am, Mahendra SP &lt;<a href="mailto:mahendra.sp@gmail.com" class="">mahendra.sp@gmail.com</a>&gt; wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><div dir="ltr" class="">Hi All,<br class=""><div class=""><br class=""></div><div class="">We are planning to use our own RAND implementation using an engine. What we observe is, during OpenSSL init, default RAND gets initialized to OpenSSL RAND.</div><div class="">Then later we initialize our engine RAND. Even though we make our RAND as default, we see that still OpenSSL uses the initial default RAND.</div><div class=""><br class=""></div><div class="">Here is what could be happening. In the function RAND_get_rand_method,
default_RAND_meth gets initialized to OpenSSL RAND.</div><div class="">As there is a NULL check for default_RAND_meth, default_RAND_meth never gets updated as it is not NULL.</div><div class="">Even if engine RAND is registered and available for use,
default_RAND_meth never gets updated.</div><div class=""><br class=""></div><div class="">Given the code snippet below.</div><div class="">const RAND_METHOD *RAND_get_rand_method(void)<br class="">{<br class=""> const RAND_METHOD *tmp_meth = NULL;<br class=""><br class=""> if (!RUN_ONCE(&rand_init, do_rand_init))<br class=""> return NULL;<br class=""><br class=""> CRYPTO_THREAD_write_lock(rand_meth_lock);<br class=""> if (default_RAND_meth == NULL) {<br class="">#ifndef OPENSSL_NO_ENGINE<br class=""> ENGINE *e;<br class=""><br class=""> /* If we have an engine that can do RAND, use it. */<br class=""> if ((e = ENGINE_get_default_RAND()) != NULL<br class=""> && (tmp_meth = ENGINE_get_RAND(e)) != NULL) {<br class=""> funct_ref = e;<br class=""> default_RAND_meth = tmp_meth;<br class=""> } else {<br class=""> ENGINE_finish(e);<br class=""> default_RAND_meth = &rand_meth;<br class=""> }<br class="">#else<br class=""> default_RAND_meth = &rand_meth;<br class="">#endif<br class=""> }<br class=""> tmp_meth = default_RAND_meth;<br class=""> CRYPTO_THREAD_unlock(rand_meth_lock);<br class=""> return tmp_meth;<br class="">}<br class=""></div><div class=""><br class=""></div><div class="">Should we remove the NULL check for
default_RAND_meth to fix this issue? Or is there any other way?</div><div class=""><br class=""></div><div class="">Thanks</div><div class="">Mahendra</div><div class=""><br class=""></div></div></div>
</div></blockquote></div><br class=""></div></body></html>
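Added example, not part of the original thread and not OpenSSL code: a simplified C model of the one-time initialization in the quoted RAND_get_rand_method(), showing why a RAND registered after init is never picked up and why overwriting the cached pointer (the role RAND_set_rand_method() is suggested for above) takes effect. The rand_method struct and every model_* name are hypothetical stand-ins.

```c
/* Simplified model of the caching in the quoted RAND_get_rand_method().
 * Every name below is a hypothetical stand-in, not the OpenSSL API. */
#include <stddef.h>
#include <stdio.h>

typedef struct { const char *name; } rand_method; /* stand-in for RAND_METHOD */

static const rand_method builtin_meth = { "builtin" };
static const rand_method engine_meth  = { "engine" };

/* What a lookup of the default RAND engine would find (NULL = none). */
static const rand_method *engine_default = NULL;
/* Stand-in for default_RAND_meth: the cached choice. */
static const rand_method *default_meth = NULL;

/* Mirrors the quoted function: the choice is made once, on first use. */
const rand_method *model_get_method(void)
{
    if (default_meth == NULL)
        default_meth = engine_default != NULL ? engine_default : &builtin_meth;
    return default_meth;
}

/* Registering an engine default leaves the cached pointer untouched. */
void model_engine_set_default(const rand_method *m) { engine_default = m; }

/* The suggested route: overwrite the cached pointer directly. */
void model_set_method(const rand_method *m) { default_meth = m; }

/* Return to the state before library initialization. */
void model_reset(void) { engine_default = NULL; default_meth = NULL; }

int main(void)
{
    /* Order from the question: library init first, engine registered later. */
    printf("at init:              %s\n", model_get_method()->name);
    model_engine_set_default(&engine_meth);
    printf("after engine default: %s\n", model_get_method()->name);
    model_set_method(&engine_meth);
    printf("after set_method:     %s\n", model_get_method()->name);
    return 0;
}
```

In a real program the equivalent startup check is to compare the pointer returned by RAND_get_rand_method() against your own method and refuse to continue if they differ.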