On Thu, Aug 22, 2013, Bodo Moeller wrote:

> On Thu, Aug 22, 2013 at 4:50 AM, Bodo Moeller <bmoel...@acm.org> wrote:
>
> >> Most other libraries I've seen handle this by saving the pid in a static
> >> variable, and then comparing the current pid to it. This has the advantage
> >> of not needing pthreads, and also of only adding the entropy to the child
> >> if it is actually needed (i.e. it doesn't exec after fork).
> >
> > We may have to do that, but we'll still want to always use the current PID
> > so that we don't end up relying on any kind of random device actually being
> > present (not all environments have that, so while we can try to reseed, we
> > can't be sure that this will work).
>
> (So we probably should use the current time in addition to the PID to get a
> general solution to the PID wrap-around problem even on systems where
> actual independent reseeding isn't possible.)

The FIPS PRNG uses a combination of PID, a counter and a form of system timer
for the DT vector which is used on every invocation (a requirement of the
standard). Something similar could be used here or combined with rdrand/rdtsc
or similar if available.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
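
The fork problem discussed in this thread, as an added example that is not part of the original messages and is not OpenSSL code: a state-only generator repeats itself in a forked child, while one that folds PID, a counter and a timer into every call does not. The names `naive_next`, `dt_next`, `child_repeats_parent` and `mix` are hypothetical, the seed is constructed, and `mix` is a splitmix64 stand-in rather than a cryptographic primitive.

```c
/* Added example. mix() is a splitmix64 stand-in, not a cryptographic primitive. */
#include <stdint.h>
#include <sys/time.h>
#include <sys/wait.h>
#include <unistd.h>

static uint64_t pool = 0x0123456789abcdefULL; /* constructed seed, copied by fork() */
static uint64_t counter;                      /* bumped on every DT-style call */

static uint64_t mix(uint64_t x) {
    x += 0x9e3779b97f4a7c15ULL;
    x = (x ^ (x >> 30)) * 0xbf58476d1ce4e5b9ULL;
    x = (x ^ (x >> 27)) * 0x94d049bb133111ebULL;
    return x ^ (x >> 31);
}

/* State only: after fork() both processes hold the same pool and repeat each other. */
uint64_t naive_next(void) { return pool = mix(pool); }

/* Fold PID, counter and timer into every call; no random device is needed.
 * The timer is what still separates processes if a PID is ever reused. */
uint64_t dt_next(void) {
    struct timeval tv;
    gettimeofday(&tv, NULL);
    uint64_t t = (uint64_t)tv.tv_sec * 1000000ULL + (uint64_t)tv.tv_usec;
    uint64_t dt = mix(mix(mix((uint64_t)getpid()) ^ ++counter) ^ t);
    return pool = mix(pool ^ dt);
}

/* Fork, draw one value per process; 1 = child repeated the parent, -1 = error. */
int child_repeats_parent(int use_dt) {
    int fd[2];
    uint64_t mine, theirs = 0;
    if (pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                           /* child: report its first output */
        uint64_t v = use_dt ? dt_next() : naive_next();
        _exit(write(fd[1], &v, sizeof v) == (ssize_t)sizeof v ? 0 : 1);
    }
    close(fd[1]);
    mine = use_dt ? dt_next() : naive_next();
    ssize_t n = read(fd[0], &theirs, sizeof theirs);
    close(fd[0]);
    waitpid(pid, NULL, 0);
    return n == (ssize_t)sizeof theirs ? mine == theirs : -1;
}

int main(void) { return child_repeats_parent(0) == 1 && child_repeats_parent(1) == 0 ? 0 : 1; }
```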