klist -t opening $HOME/.rnd

Harald Barth haba at kth.se
Thu Mar 15 17:21:35 CET 2018

> I think that side of the design is fine, but a library PRNG probably
> doesn't need to interact with a seed file in this day and age.

So if we remove the blocks protected by NO_RANDFILE
we get

    /* Calling RAND_status() will try to use /dev/urandom if it exists so
       we do not have to deal with it. */
    if (RAND_status() != 1) {
        /* TODO: Once a Windows CryptoAPI RAND method is defined, we
           can use that and failover to another method. */

    if (RAND_status() == 1)     {
        return 0;
    } else
        return -1;

Which boils down to

    /* Write something more fancy if a Windows CryptoAPI RAND method is
       available as an alternate fallback but until that just convert 
       the return value */
    return (RAND_status() == 1) ? 0 : -1 ;

Should we make that simplification (I have no specific opinion about
the "?" operator, if/else according to the original code is fine as


More information about the Heimdal-discuss mailing list