cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Flag to bail out if not enough entropy?

From: Florian Weimer <fw_at_deneb.enyo.de>
Date: Tue, 27 Sep 2016 17:10:51 +0200

* Daniel Stenberg:

> On Mon, 26 Sep 2016, Török Edwin wrote:
>
>> /* If we get here, it means we need to seed the PRNG using a "silly"
>> approach! */
>> do {
>> unsigned char randb[64];
>> int len = sizeof(randb);
>> RAND_bytes(randb, len);
>> RAND_add(randb, len, (len >> 1));
>> } while(!RAND_status());
>
> I'm not sure this particular loop is as stupid as the comment
> implies. RAND_bytes() is supposed to give crypto safe random and
> according to https://wiki.openssl.org/index.php/Random_Numbers the
> function will even init the random generator itself if it wasn't done
> before.

RAND_bytes can fail for various reasons, including if the generator
could not be seeded. Details depend on the engine backend OpenSSL
uses.

-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-09-27