First: thank you for a nicely detailed and informative reply. I appreciate
it. Thanks.

Thus spake Andy Polyakov ([EMAIL PROTECTED]):

> >      rename(file,";1"); /* Make sure it's version 1, or we
> 
> Wouldn't it be more appropriate to simply ensure that version number
> doesn't increase and skip the rename altogether? As far as I understand
> it's possible by opening file in shared mode, by passing "shr=???"
> argument to [f]open...

That would definitely avoid the RMS bug, but I think multiple callers
would still fight over contents of the file, and two or more could use
the same contents depending on timing.
 
> > I think the bigger
> > question I need to answer here is more of a _general_ issue with how openssl
> > expects to actually USE the randfile routines and contents. OpenVMS really only
> > points out that there is a possible general issue here.
> > 
> > The routine in question, RAND_write_file(), creates a new rand file, and then
> > immediately closes the file ... This is then subsequently reread, apparently,
> > using RAND_load_file(). This would seem to me that any callers of
> > RAND_load_file() might have an expectation of getting back the exact data that
> > they wrote into the rand file earlier, or at least, of getting *some* data
> > back.
> 
> Keyword is "caller" and it's actually *you*, or more exactly application
> running on your behalf. Note distinction between implementation of
> RAND_[read|write]_file residing in library and application using it.

Distinction noted - thanks. I'm using an interface library written locally by
someone else and hiding inside it, rather than deeper inside openssl, were the
calls that set this up.  I had mistakenly thought that the .RND file was a
product of the openssl library (and actually, it is - if you use
RAND_file_name() and don't set the RANDFILE environment variable!) For my
application, I should not be using the 'default' filename provided by
RAND_file_name(). The problem is now easily solvable. Thanks!

-- 
David
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
