> I personally see no harm if these RNG objects are made available to > applications that need/use them
But decisions like this live forever. It is therefore VERY important to spend time thinking about what becomes part of the public API and what remains hidden so that we can change things later when we have a better understanding. This concept is new to OpenSSL :) But we just put out a 1.1.0 release that made things opaque, so it’s more fresh in the minds of at least some of the dev team. Personally, since DRBG is new in 1.1.1 I would be quite happy if we didn’t expose anything public until the release after that. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev