mardi 11 août 2015

What are the possible issues with generating random numbers in OpenSSL this way

My following method is supposed to generate random numbers using OpenSSL. Is this correct and sufficient? Or do you see any issues with it?

vector<unsigned char> generateBytes(const unsigned char* seed, const size_t length)
{
     if (seed != nullptr)
          RAND_seed(seed, length);  // No error handling is necessary here??
     else 
          {/*Do I need to do something here to correctly autoseed the PRNG */}

     vector<unsigned char> result(length);       
     if (!RAND_bytes(result.data(), length)) {
            throw Exception("Could not get random bytes.");
     }
     return result;
}

I also have the following concerns regarding standard practice:

  • Is it common practice to use the Engine APIs even when using the default SSLeay engine?

  • Is it common practice to auto-seed the PRNG from a entropy pools like /dev/random irrespective of how OpenSSL auto-seeds upon initialization?

  • Is it a common practice to set ENTROPY_NEEDED to some value?




Aucun commentaire:

Enregistrer un commentaire