Tomas Mraz wrote in
<a73ba399390924cb0249146723d43babf485674d.camel@xxxxxxxxxxx>:
(Resorting a bit)
|On Wed, 2023-02-15 at 12:00 +0800, Jayme Mikko Ancla wrote:
|> I would like to know if my use of RAND_status() like below is
|> correct:
...
|> if (RAND_status() != 1) {
|> RAND_seed(rnd_seed, sizeof rnd_seed);
|> }
...
|I assume you're getting a failure. If so, it is because you did
|not load the default provider in addition to the legacy one.
|
|Otherwise your code is OK, although these days the RAND_seed() call
Has this changed again? I am now forced to set
(void)RAND_DRBG_set_reseed_defaults(0, 0, 0, 0); /* (does not fail here) */
and especially i call anything in a loop as in
# if mx_HAVE_TLS != mx_TLS_IMPL_RESSL && !defined mx_XTLS_HAVE_RAND_FILE
n_err(_("TLS RAND_bytes(3ssl) failed (missing entropy?), "
"waiting a bit\n"));
/* Around ~Y2K+1 anything <= was a busy loop iirc, so give pad */
su_time_msleep(250, FAL0);
continue;
# endif
|should not be needed at all, the RNG should be seeded by itself unless
|there is something wrong with your build configuration of the OpenSSL
|or your OS is some awkward legacy one.
Ah the OS! "32 byte is enough"(, endlessly), said Jason Donenfeld.
(Reseeded often, and pretty "nifty", imho. Once i looked.)
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
