Hi All,
We are planning to use our own RAND implementation using an engine. What we observe is, during Openssl init, default RAND gets initialized to openssl RAND.
Then later we initialize our engine RAND. Even though we make our RAND as default, we see that still openssl uses the initial default RAND.
Here is what could be happening. In the function RAND_get_rand_method,
default_RAND_meth gets initialized to openssl RAND.
As there is a NULL check for
default_RAND_meth ,
default_RAND_meth never gets updated as it is not NULL.
Even if engine RAND is registered and available for use,
default_RAND_meth never gets updated.
Given the code snippet below.
const RAND_METHOD *RAND_get_rand_method(void)
{
const RAND_METHOD *tmp_meth = NULL;
if (!RUN_ONCE(&rand_init, do_rand_init))
return NULL;
CRYPTO_THREAD_write_lock(rand_meth_lock);
if (default_RAND_meth == NULL) {
#ifndef OPENSSL_NO_ENGINE
ENGINE *e;
/* If we have an engine that can do RAND, use it. */
if ((e = ENGINE_get_default_RAND()) != NULL
&& (tmp_meth = ENGINE_get_RAND(e)) != NULL) {
funct_ref = e;
default_RAND_meth = tmp_meth;
} else {
ENGINE_finish(e);
default_RAND_meth = &rand_meth;
}
#else
default_RAND_meth = &rand_meth;
#endif
}
tmp_meth = default_RAND_meth;
CRYPTO_THREAD_unlock(rand_meth_lock);
return tmp_meth;
}
Should we remove the NULL check for
default_RAND_meth to fix this issue ? Or is there any other way?
Thanks
Mahendra