there are rare cases where code intentionally uses undefined behavior.
No correct cases.
Undefined really means undefined. There was never any guarantee that the value used in the OpenSSL code would provide any entropy. Undefined doesn't mean "random", "unknown", or "non-deterministic", it means "implementation dependent".
So, yes, it's difficult to get entropy without a specific service that provides entropy. But that's what you need, not just a garbage variable.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds