> > > You can always implement your own source of random data and > push it into > the OpenSSL engine. If you do that the rand_win code will not be > executed. > > Jeffrey Altman >
As far as I can tell from reading rand_win.c and md_rand.c, this is not the case. Calling any of the useful rand functions, see ssleay_rand_status() for example, results in RAND_poll() being called because the global "initialized" is not set. RAND_poll() calls the heapwalking stuff in windows. Calling ssleay_rand_add() (same as RAND_add) does not set the "initialized" flag so there is no way to stop the lengthy heapwalk without hacking the source. Please correct me if I'm wrong. regards, -lee ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
