On 27 May 2014 09:16, Joseph Birr-Pixton <jpix...@gmail.com> wrote:
> On 27 May 2014 08:45, Peter Waltenberg <pwal...@au1.ibm.com> wrote:
>> ...
>> I did change the RNG sources for some of the OpenSSL code in our hacked
>> version to help with the performance problems using the wrong source causes,
>> for example RSA blinding data can safely come from a DRBG
>> (pseudo_rand_bytes()).
>
> I assume you mean RAND_pseudo_bytes. In which case you should know
> that RAND_pseudo_bytes has a broken interface and cannot ever be used
> safely in a way which makes it different from RAND_bytes.
>
> To restate:
>
> Callers of RAND_pseudo_bytes are either unreliable, or equivalent to
> RAND_bytes. Do not use it.

Have I missed something? What are you referring to here?
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org