RAND_seed buffer freeing

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

RAND_seed buffer freeing

Tobias.Wolf

I`ve one question regarding RAND_seed, the first parameter refers to a buffer, who is freeing that buffer afterwards? Can I free it after the call to RAND_seed or is this done by openssl?

Reply | Threaded
Open this post in threaded view
|

Re: RAND_seed buffer freeing

Dr. Matthias St. Pierre

On 11.07.19 12:00, [hidden email] wrote:
>
> I`ve one question regarding RAND_seed, the first parameter refers to a buffer, who is freeing that buffer afterwards? Can I free it after the call to RAND_seed or is this done by openssl?
>

You own the buffer, OpenSSL only reads its contents. So you can free it immediately after the call.
Note that before freeing it, you should erase the buffer contents for security reasons.

Actually, since OpenSSL 1.1.1. most applications don't need to worry about manual seeding anymore,
because the OpenSSL CSPRNG does it automatically. For more details, see

https://www.openssl.org/docs/man1.1.1/man7/RAND.html <https://www.openssl.org/docs/man1.1.1/man7/RAND.html>

and

https://www.openssl.org/docs/man1.1.1/man7/RAND_DRBG.html <https://www.openssl.org/docs/man1.1.1/man7/RAND_DRBG.html>

HTH,

Matthias