➢ Even opaque objects usually have some public interface. I think exposing
RAND_add_ex() would be a good idea for 1.1.1, and it’s likely to serve as an
acceptable “live forever” API.

That’s my point. API decisions live forever. Suppose we move around the
DRBGs so that they are per-thread, or per-SSL_CTX or per-SSL object? Will
that API still work? Or will we need a “RAND_ex_ex” function? We don’t even
have consensus on when and how to reseed.
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev