cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Flag to bail out if not enough entropy?

From: Florian Weimer <fw_at_deneb.enyo.de>
Date: Tue, 27 Sep 2016 17:10:51 +0200

* Daniel Stenberg:

> On Mon, 26 Sep 2016, Török Edwin wrote:
>
>> /* If we get here, it means we need to seed the PRNG using a "silly"
>> approach! */
>> do {
>> unsigned char randb[64];
>> int len = sizeof(randb);
>> RAND_bytes(randb, len);
>> RAND_add(randb, len, (len >> 1));
>> } while(!RAND_status());
>
> I'm not sure this particular loop is as stupid as the comment
> implies. RAND_bytes() is supposed to give crypto safe random and
> according to https://wiki.openssl.org/index.php/Random_Numbers the
> function will even init the random generator itself if it wasn't done
> before.

RAND_bytes can fail for various reasons, including if the generator
could not be seeded. Details depend on the engine backend OpenSSL
uses.

-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-09-27

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: Flag to bail out if not enough entropy?"
Previous message: Daniel Stenberg: "Re: Flag to bail out if not enough entropy?"
In reply to: Daniel Stenberg: "Re: Flag to bail out if not enough entropy?"
Next in thread: Daniel Stenberg: "Re: Flag to bail out if not enough entropy?"
Reply: Daniel Stenberg: "Re: Flag to bail out if not enough entropy?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]