Am 21.10.2013 13:09, schrieb Fedor Indutny:
Hello devs!
I just found that its impossible to get error from `RAND_bytes()` if
running on default `RAND_SSLeay()` method.
There're a couple of reasons and observations, that are confirming it
(sorry for using github, its just more convenient to me):
1. `RAND_poll()` is called only once in initialization of method:
https://github.com/openssl/openssl/blob/master/crypto/rand/md_rand.c#L436-L440
and
https://github.com/openssl/openssl/blob/master/crypto/rand/md_rand.c#L648-L652
2. Static variable `entropy`, which is used to determine if the PRNG
output is secure is never decreased, and actually stays exactly at
`ENTROPY_NEEDED` value all the time. This happens because `entropy -=
...` happens only in following condition:
https://github.com/openssl/openssl/blob/master/crypto/rand/md_rand.c#L446-L463,
which is always true.
I think I can contribute a patch to make it work properly, if this isn't
an intended behavior.
Well, the comment in the code states it imho clearly that this *is*
intended behavior:
* Once we've had enough initial seeding we don't bother to
* adjust the entropy count, though, because we're not ambitious
* to provide *information-theoretic* randomness.
Ciao
Richard
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
