On 27 May 2014 08:45, Peter Waltenberg <pwal...@au1.ibm.com> wrote:
> ...
> I did change the RNG sources for some of the OpenSSL code in our hacked
> version to help with the performance problems using the wrong source causes,
> for example RSA blinding data can safely come from a DRBG
> (pseudo_rand_bytes()).

I assume you mean RAND_pseudo_bytes. In which case you should know that RAND_pseudo_bytes has a broken interface and cannot ever be used safely in a way which makes it different from RAND_bytes.

To restate: Callers of RAND_pseudo_bytes are either unreliable, or equivalent to RAND_bytes. Do not use it.

Cheers,
Joe
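
An added illustration of the point made in the reply above (not code from this thread or from OpenSSL): it models the return contract documented for RAND_pseudo_bytes (1 = strong bytes, 0 = bytes that are not cryptographically strong, -1 = unsupported) and checks which call-site styles proceed only on strong output. `model_pseudo_bytes`, the `style` enum and the fill values are hypothetical stand-ins so the example runs without linking libcrypto.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the documented return contract (not OpenSSL code):
 *   1 -> buffer filled with cryptographically strong bytes
 *   0 -> buffer filled, but the bytes are NOT cryptographically strong
 *  -1 -> not supported by the current RAND method; buffer left untouched */
enum outcome { STRONG = 1, WEAK = 0, UNSUPPORTED = -1 };

static int model_pseudo_bytes(unsigned char *buf, int n, enum outcome o)
{
    if (o == UNSUPPORTED)
        return -1;
    memset(buf, o == STRONG ? 0xA5 : 0x00, (size_t)n); /* placeholder fill */
    return (int)o;
}

/* Four hypothetical call-site styles; each returns 1 if the caller uses buf. */
enum style { IGNORE_RET, CHECK_NEGATIVE, CHECK_ZERO, REQUIRE_ONE };

static int caller_proceeds(enum style s, enum outcome o)
{
    unsigned char buf[16] = {0};
    int ret = model_pseudo_bytes(buf, (int)sizeof buf, o);
    switch (s) {
    case IGNORE_RET:     return 1;           /* never looks at ret          */
    case CHECK_NEGATIVE: return !(ret < 0);  /* if (ret < 0) goto err;      */
    case CHECK_ZERO:     return !(ret == 0); /* if (!ret) goto err;         */
    case REQUIRE_ONE:    return ret == 1;    /* the test used for RAND_bytes */
    }
    return 0;
}

/* Reliable means: proceeds on STRONG and on nothing else. */
static int is_reliable(enum style s)
{
    return caller_proceeds(s, STRONG) && !caller_proceeds(s, WEAK)
        && !caller_proceeds(s, UNSUPPORTED);
}

int main(void)
{
    static const char *names[] = { "ignore", "ret<0", "!ret", "ret==1" };
    for (int s = IGNORE_RET; s <= REQUIRE_ONE; s++)
        printf("%-7s reliable=%d\n", names[s], is_reliable((enum style)s));
    return 0;
}
```

Only the `ret == 1` style is reliable, and that is exactly the check a RAND_bytes caller performs, so nothing is gained by calling the pseudo variant.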