Okay: https://github.com/openssl/openssl/pull/4239
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
The bad case I'm aware of is the fork() one as it's critical that the RNG
state diverge on fork(). Without that you can get some very nasty
behaviour in things like TLS servers. Some of which have a thread pool +
fork() model to handle increasing load.
While ideally you'd do a complete reseed,
On August 19, 2017 at 2:48:19 AM, Salz, Rich via openssl-dev (
openssl-dev@openssl.org) wrote:
I think the safest thing is for us to not change the default. Programs that
know they are going to fork can do the right/safe thing. It would be nicer
if we could automatically always do the right thing
>So I guess you want an interface that can both add things to the
> "entropy" pool, and to the "additional data" pool? It shouldn't
>be that hard, I'll try to come up with some proposal soon.
I’d say the interface that Rich Salz proposed would be good enough:
> … But I think a new A
You can use RSA_meth_dup to copy the default RSA_METHOD,then use the
RSA_meth_set* routines to point to your own routines.
it only overrides RSA_meth_set1_name, RSA_meth_set_priv_enc
RSA_meth_set_priv_dec RSA_meth_set_finish see:
https://github.com/OpenSC/libp11/blob/master/src/p11_rsa.c
But
Hi all,
I am task to update two machines from v0.9.8z to v1.0.2 (since it is LTS).
With the minimal changes, I've been able to get the application on the machines
to compile with the newer version and generate RSA 4096 key pairs. The
applications are able to successfully use their respective pr
