Hal Murray via devel :
> Would somebody please eyeball these changes. Thanks.
>
> - unsigned char rnd[sizeof(uint32_t)];
> - RAND_bytes(rnd, sizeof(rnd));
> - return (int32_t)ntp_be32dec(rnd);
>
> + int err;
> + uint32_t rnd;
> + err = RAND_bytes((unsigned cha
k...@roeckx.be said:
> Note that this change in OpenSSL's behaviour to reseed can cause problems for
> processes that chroot and don't have access to /dev/urandom in the chroot nor
> have a system call like getentropy() that can be used instead.
Interesting. Thanks.
Is that documented somepla
On Fri, Jul 06, 2018 at 01:27:30PM -0700, Hal Murray via devel wrote:
> Also, it didn't check the return code. That raises an interesting question.
> What should we do if there isn't enough entropy?
>
> How much entropy is there in a typical system? Can a malicious user use it
> all up? Coul
Hal Murray via devel writes:
> Also, it didn't check the return code. That raises an interesting question.
> What should we do if there isn't enough entropy?
I'm sure that's been discussed before in other contexts. I don't
remember exactly where, but I think it was somewhere in the vicinity of
The old code was going through a maybe byte-swap. That seems bogus. If
nothing else, it adds a layer of confusion when trying to figure out what the
code does. Even if the data is going on the wire and normal data would get
byte-swapped, there is no need to swap random bits.
Also, it didn't
