'owdy,

On November 21, 2003 06:07 pm, Richard Levitte - VMS Whacker wrote:
> geoff> Hmm ... indeed. The irritating thing (nothing we can do about
> geoff> it though) is that application authors are probably not going
> geoff> to pay any attention to the new ENGINE_METHOD_RAND_SEED flag. I
> geoff> know, I'm a cynic. :-)
>
> I find that less important. If they can't be bothered to at least
> read NEWS (and I think it's appropriate to mention a new flag in
> there), there's not much we can do for them, except point at it when
> they come to us and complain. More than that, I won't feel guilty in
> any kind of way, knowing we have done our best to provide options.
> After that, it's up to them to use the options wisely.

Yeah, I understand your point of view. I'm not going to interfere in
your choice of which way to go, I just wanted to raise what I see as a
potential problem; namely that correct use of the openssl API by
application source may be totally solid and "as it should be", yet might
need source changes to appease users of one (or more) optional plugin
engines, just because those engines have severe limitations in
furnishing data as is traditionally expected from RAND_METHOD usage.

BTW: are you sure that it's not just a question of the ncipher
RAND_METHOD implementation being over-enthusiastic? I'm looking at
"hwcrhk_rand" right now, and I see that the "bytes()" and "pseudorand()"
handlers are linked to the same hwcrhk_rand_bytes() function. Presumably
only "bytes()" *needs* to come from the hardware/driver - and
"pseudorand()" could perhaps be generated in software from
hardware/driver seeding?

Cheers,
Geoff

--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net/