问题
On the OpenSSL Wiki page called EVP Key and Parameter Generation it states the following:
Since these functions use random numbers you should ensure that the random number generator is appropriately seeded
But nowhere on EVP_PKEY_keygen does it make mention of seeding a random number generator. It only discusses the low-level doc pages for non-EVP functions for generating keys.
I have also searched and everywhere no mention is made of seeding when the EVP functions are used.
So my question is; May I assume that the seeding is done internally for me in the higher-level EVP functions?
If I do need to do it then which functions must I have a look at?
回答1:
but nowhere on https://www.openssl.org/docs/crypto/EVP_PKEY_keygen.html it makes any mention of seeding a random number generator....
See the OpenSSL wiki page Random Numbers. It takes you through it in grueling detail.
... no mention is made of seeding when the EVP functions are used
The EVP functions use whatever generator is in use for the library. It could be md_rand or a FIPS AES/CTR generator. There's nothing special to get random numbers for the EVP functions (as opposed to other functions).
May I assume that the seeding is done internally for me in the higher-level EVP functions?
Yes, if you did not seed the generator yourself. If you seeded the generator and there's sufficient entropy, then it will not auto-seed itself.
You should avoid allowing the generator to auto-seed itself. See the OpenSSL wiki page Random Numbers for the details.
There's nothing special about seeding/auto-seeding a generator when using EVP interfaces. Whatever you do applies to everything.
If I do need to do it then which functions must I have a look at?
The OpenSSL wiki page Random Numbers provides more details, but you should do something like:
int rc = RAND_load_file("/dev/urandom", 32);
if(rc != 32) {
/* RAND_load_file failed */
}
/* OK to proceed */
You want to avoid a direct call to RAND_poll, and you want to avoid auto-seeding (which calls RAND_poll internally).
来源:https://stackoverflow.com/questions/28537832/do-i-need-to-seed-any-random-number-generator-before-using-evp-pkey-keygen-of-op