[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: heimdal and OpenSSL

From: "Jacques A. Vidrine" <n@nectar.com>

n> Besides, if OpenSSL has a crappy PRNG on some platforms, that has
n> little to do with Heimdal.  Supply your patches to the OpenSSL folks.

Hmm...  What OpenSSLs PRNG does is actually to refuse to give any data
unless it's been properly seeded.  Basically, it will only be properly
seeded on Windows adn on systems that have /dev/urandom.  The reason
/dev/random and /dev/srandom are usually not used is because they (at
least /dev/random does, I know nothing about /dev/srandom [1]) may
block, which we found unacceptable.  I might steal some ideas from
rnd_leys.c to resolve that...

[1] if someone gave me a short description of /dev/srandom and what
    it's supposed to do that's different from /dev/{,u}random, I'd be
    really glad.

Richard Levitte   \ Spannvägen 38, II \ LeViMS@stacken.kth.se
Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
Redakteur@Stacken   \      SWEDEN       \ or +46-709-50 36 10
Procurator Odiosus Ex Infernis                -- poei@bofh.se
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, Celo Communications: http://www.celocom.com/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.