On November 16, 2021 7:48 PM, Carlo Arenas wrote: > On Tue, Nov 16, 2021 at 4:01 PM <rsbecker@xxxxxxxxxxxxx> wrote: > > > > We do link with libcurl and use OpenSSL as a DLL to handle TLS. The > underlying random source for the nonstop-* configurations as of OpenSSL > 3.0 are PNRG supplied by the vendor (HPE) on ia64 and the hardware > rdrand* instructions on x86. I know that part of the OpenSSL code rather > intimately. > > Older versions of OpenSSL exported (AFAIK) a usable version of > arc4random_buf() that could have helped here; it seems to still be there in > libressl[1] which is mostly API compatible and might be worth looking into > IMHO even if as you pointed out will need an implementation similar to what > OpenSSL does internally. > > [1] https://cvsweb.openbsd.org/src/lib/libcrypto/arc4random/ I do not see arc4random being used in our builds going back to OpenSSL 1.0.2, which is as far back as I go anyway.
