The 'fail with error condition stating lack of entropy' should be
something like an EAGAIN, where (at some point in the future) the call
can be re-invoked to use the amount of entropy that's already in the
pool plus whatever's been added to the system /dev/random or the
prngd?

-Kyle H

On Sat, Nov 8, 2008 at 8:17 AM, Ben Sandee wrote:
> On Sat, Nov 8, 2008 at 5:53 AM, David Schwartz wrote:
>>
>> > That's a great question. Indeed, this platform (AIX) does have
>> > /dev/random but apparently that too was exhausted because that
>> > is checked first in our implementation. I think the fault is truly
>> > with the system in question, because prngd should not have blocked
>> > in the manner it did. Despite this problem being a one-off, there
>> > is a push to "fix" the issue and guarantee it will never happen again.
>> > It was during my investigations that I noticed the blocking nature
>> > of the EGD lookups.

>>
>> So what do you want to do if you run out of entropy?

>
> Fail with an error condition stating that, rather than the indeterminate
> hang in read() that was experienced.
>
> Ben
>

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org