My following method is supposed to generate random numbers using OpenSSL. Is this correct and sufficient? Or do you see any issues with it?
vector<unsigned char> generateBytes(const unsigned char* seed, const size_t length)
{
if (seed != nullptr)
RAND_seed(seed, length); // No error handling is necessary here??
else
{/*Do I need to do something here to correctly autoseed the PRNG */}
vector<unsigned char> result(length);
if (!RAND_bytes(result.data(), length)) {
throw Exception("Could not get random bytes.");
}
return result;
}
I also have the following concerns regarding standard practice:
-
Is it common practice to use the Engine APIs even when using the default SSLeay engine?
-
Is it common practice to auto-seed the PRNG from a entropy pools like /dev/random irrespective of how OpenSSL auto-seeds upon initialization?
-
Is it a common practice to set ENTROPY_NEEDED to some value?
Aucun commentaire:
Enregistrer un commentaire