Hello devs! I just found that its impossible to get error from `RAND_bytes()` if running on default `RAND_SSLeay()` method.
There're a couple of reasons and observations, that are confirming it (sorry for using github, its just more convenient to me): 1. `RAND_poll()` is called only once in initialization of method: https://github.com/openssl/openssl/blob/master/crypto/rand/md_rand.c#L436-L440and https://github.com/openssl/openssl/blob/master/crypto/rand/md_rand.c#L648-L652 2. Static variable `entropy`, which is used to determine if the PRNG output is secure is never decreased, and actually stays exactly at `ENTROPY_NEEDED` value all the time. This happens because `entropy -= ...` happens only in following condition: https://github.com/openssl/openssl/blob/master/crypto/rand/md_rand.c#L446-L463, which is always true. I think I can contribute a patch to make it work properly, if this isn't an intended behavior. Basically, to my mind, if condition in pt.2 should be removed and `RAND_poll()` should be called when there're not enough entropy. But that'll lead to enormous amounts of `RAND_poll()` calls, which will make performance worse that it really is. Any thoughts, opinions? Thank you, Fedor.