Re: Regarding RAND_set_rand_method

[Dr Paul Dale <pauli@xxxxxxxxxxx>]

    There isn't an easy a way to do what you want in 1.1.1. 
    RAND_set_rand_method replaces the RNG for all of OpenSSL.  In theory
    your RAND_METHOD could detect which thread it is running in and do
    different things for each.  I'm not sure this is a good idea
    however.
    
    Why aren't the random number from your first thread good enough for
    the second?  Good random numbers are just that - random.  It should
    be impossible to distinguish the two streams.
    
    In OpenSSL 3.0 there are ways to achieve what you're wanting.
    
    
    Pauli

On 2/4/21 4:24 pm, Vishwanath Mahajanshetty wrote:

Hi,

 

I have some doubts/questions on how to use methods (for ex: RAND_set_rand_method) in multi threaded application which use OpenSSL. In my application (running on OpenSSL 1.1.1d) there are two threads which use OpenSSL, both threads perform very different operations. The issue I am facing is as below:

 

Thread T1 calls RAND_set_rand_method() and sets RAND_METHOD structure. This is very specific to T1s use case. When thread T2 wants to create SSL_CTX it calls SSL_CTX_new() which then calls RAND_priv_bytes(). I am observing that the function RAND_priv_bytes() is calling the function set by T1 by RAND_METHOD in RAND_set_rand_method().

 

Essentially RAND_METHOD function set by thread T1 are getting called by thread T2.

 

Q1: I want to know is there any way to avoid this problem? I want thread T2 to call default RAND methods and avoid calling methods set by thread T1. This is not only for RAND methods, but for any other methods.

 

Q2: Also, is it possible to run OpenSSL as separate instance per thread (where each thread can do its own OpenSSL initialization) so that they can avoid above mentioned problem?

 

Thank you,

Vishwanath M