On Tue, Jul 17, 2018 at 02:28:14PM +0100, Dean Rasheed wrote:
> From what I understand from here [1], some parts of OpenSSL call
> RAND_poll() once on initialisation, and that's enough to get the PRNG
> going. It's not obvious that calling it multiple times would have any
> benefit.
>
> They also don't appear to bother checking the return code from
> RAND_poll() [2]. If it did fail, there'd not be much you could do
> anyway, so you might as well just let it continue and let RAND_bytes()
> fail. In fact it may even be possible for RAND_poll() to fail, but
> just do enough to cause RAND_bytes() to succeed.
>
> [1] https://wiki.openssl.org/index.php/Random_Numbers

This quote from the wiki is scary, so that's not quite clean either for
Windows:

"Be careful when deferring to RAND_poll on some Unix systems because it
does not seed the generator. See the code guarded with OPENSSL_SYS_VXWORKS
in rand_unix.c. Additionally, RAND_poll can have negative interactions on
newer Windows platforms, so your program could hang or crash depending on
the potential issue. See Windows Issues below."

> [2] https://github.com/benvanik/openssl/blob/master/openssl/crypto/rand/md_rand.c

This repository is outdated; on OpenSSL HEAD I am seeing this used only
in rand_win.c. And this commit is sort of interesting because there was
a retry loop done with RAND_poll(). Please see this one:

commit: c16de9d8329d41a2433d0f273c080d9d06ad7a87
author: Dr. Matthias St. Pierre <matthias.st.pie...@ncp-e.com>
date: Thu, 31 Aug 2017 23:16:22 +0200
committer: Ben Kaduk <ka...@mit.edu>
date: Wed, 18 Oct 2017 08:39:20 -0500
Fix reseeding issues of the public RAND_DRBG

apps/ocsp.c also has the wisdom to check for a failure on RAND_poll().
--
Michael