➢ Even opaque objects usually have some public interface. I think exposing RAND_add_ex() would be a good idea for 1.1.1, and it’s likely to serve as an acceptable “live forever” API.

That’s my point. API decisions live forever. Suppose we move around the DRBGs so that they are per-thread, or per-SSL_CTX or per-SSL object? Will that API still work? Or will we need a “RAND_ex_ex” function? We don’t even have consensus on when and how to reseed.
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev