The 'fail with error condition stating lack of entropy' should be something like an EAGAIN, where (at some point in the future) the call can be re-invoked to use the amount of entropy that's already in the pool plus whatever's been added to the system /dev/random or the prngd?
-Kyle H On Sat, Nov 8, 2008 at 8:17 AM, Ben Sandee <[EMAIL PROTECTED]> wrote: > On Sat, Nov 8, 2008 at 5:53 AM, David Schwartz <[EMAIL PROTECTED]> wrote: >> >> > That's a great question. Indeed, this platform (AIX) does have >> > /dev/random but apparently that too was exhausted because that >> > is checked first in our implementation. I think the fault is truly >> > with the system in question, because prngd should not have blocked >> > in the manner it did. Despite this problem being a one-off, there >> > is a push to "fix" the issue and guarantee it will never happen again. >> > It was during my investigations that I noticed the blocking nature >> > of the EGD lookups. >> >> So what do you want to do if you run out of entropy? > > Fail with an error condition stating that, rather than the indeterminate > hang in read() that was experienced. > > Ben > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
