Hello again,

Is there any way to speed up discussion on this topic?

Cheers,
Fedor.

On Mon, Oct 21, 2013 at 3:09 PM, Fedor Indutny <fe...@indutny.com> wrote:

> Hello devs!
>
> I just found that it's impossible to get an error from `RAND_bytes()` if
> running on the default `RAND_SSLeay()` method.
>
> There are a couple of reasons and observations that confirm it
> (sorry for using github, it's just more convenient to me):
>
> 1. `RAND_poll()` is called only once in initialization of method:
>    https://github.com/openssl/openssl/blob/master/crypto/rand/md_rand.c#L436-L440 and
>    https://github.com/openssl/openssl/blob/master/crypto/rand/md_rand.c#L648-L652
> 2. Static variable `entropy`, which is used to determine if the PRNG
>    output is secure, is never decreased, and actually stays exactly at
>    `ENTROPY_NEEDED` value all the time. This happens because `entropy -= ...`
>    happens only in the following condition:
>    https://github.com/openssl/openssl/blob/master/crypto/rand/md_rand.c#L446-L463,
>    which is always true.
>
> I think I can contribute a patch to make it work properly, if this isn't
> an intended behavior.
>
> Basically, to my mind, the if condition in pt.2 should be removed and
> `RAND_poll()` should be called when there's not enough entropy. But
> that'll lead to enormous amounts of `RAND_poll()` calls, which will make
> performance worse than it really is.
>
> Any thoughts, opinions?
>
> Thank you,
> Fedor.