Hello Alexander, On Fri, Oct 23, 2015 at 4:22 PM, Alessandro Ghedini <alessan...@ghedini.me> wrote:
> So, any thought? If there's interest in this, I can look into investigating > these things more in detail and propose possible patches. > > In Russia we have to certify the RNG hardware and software for using in organizations where the certified products are required. Currently we are able to implement custom RAND_METHODs and provide it via engines. So if the hardware is unavailable, the RAND_bytes() call fails. In the 1.0.* versions of the OpenSSL library not all calls to RAND* functions were checked for success, and it caused some problems. LibreSSL treats their RNG functions as never-failed, and I do not know about BoringSSL. So we need non-void RAND API and possibility to provide our own RAND_METHODs. If the current code is to be refactored, I ask to leave these options possible. -- SY, Dmitry Belyavsky
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev