Configurable runtime option for DEVRANDOM source #23871
visweshn92
started this conversation in
General Discussion
Replies: 1 comment
-
This would be a new feature and thus not applicable to stable branches. However, I believe this would be a beneficial feature and a pull request implementing it would be considered for merging.
-
Hi all,
Any reason why DEVRANDOM in the following code is not configurable at runtime via .cnf files if we want to pick our seed source as devrandom?
openssl/providers/implementations/rands/seeding/rand_unix.c
Line 410 in dc9bc6c
We have a special requirement where we want to use devrandom as our ONLY seed source (i.e. build with --with-rand-seed=devrandom alone without others) but would like the value of DEVRANDOM to be chosen at runtime instead of hardcoding at build time (-DDEVRANDOM=...). This is because our custom device may not be available in all our systems and would like to distinguish at runtime via .cnf file.
The same is achievable in BouncyCastle [1] by supplying different securerandom.source= values at runtime for different container appliances but not possible in 3.0 OpenSSL.
Would you all be open to such a requirement and/or a patch contribution to upstream?
[1] https://developer.classpath.org/doc/java/security/SecureRandom-source.html