RAND_pseudo_bytes() implementation

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

RAND_pseudo_bytes() implementation

Dmitry Belyavsky

I have a question on RAND_pseudo_bytes() semantics.

We've written an engine with our own RAND_METHOD. Our random number
generator is able to return both cryptographically strong data and
cryptographically weak data. Our RNG is able to provide
cryptographically weak data much more faster. So when we call
RAND_pseudo_bytes(), it always returns 0 (according to man).

In libssl I've found about 20 calls to RAND_pseudo_bytes() when 0 is
treated as an error. But if we need cryptographically strong data, it
seems to be more correctly to call RAND_bytes().

So am I wrong in my understanding of RAND_pseudo_bytes() semantics, or
there is an error in OpenSSL?

Thank you!

SY, Dmitry Belyavsky (ICQ UIN 11116575)

OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]