Since I already have a well-formed config file, I think it would be a minimalistic change to hijack the "OPENSSL_noconfig" function (instead of changing the code for Init).
But your idea could work too. Even if I do implement your idea though, I will still remove the random number generation routines in drbg_lib.c, as there should not be any software psudeorandomness generator on my embedded device.
On Saturday, November 2, 2019, Salz, Rich <rsalz@xxxxxxxxxx> wrote:
If you are changing openssl, why not just change the init function to load your engine and abort/exit/fail if it doesn’t load?
