On Sun, Mar 5, 2023 at 1:33 PM Randall via curl-library <curl-library@lists.haxx.se> wrote:
>
> Hi Curl,
>
> I have a curl built with OpenSSL. The build of OpenSSL uses hardware
> randomization on the platform using _rdrand64(). When I use libcurl,
> typically through git, I end up with an open to PRNGD, which is not
> desirable. I'm wondering whether there is a configuration setting that I am
> missing from curl to force this, or whether I should contribute code to
> access the x86 hardware randomizer directly. There is no /dev/urandom or
> /dev/random on this platform, aside from it being POSIX compliant. Curl is
> configured as follows:
>
> CFLAGS="-c99" CPPFLAGS="-D_XOPEN_SOURCE_EXTENDED=1 -WIEEE_float
> -I/usr/local/openssl/include" LDFLAGS="-L/usr/local/lib" ./configure
> --with-ssl=/usr/local --with-ca-path=/usr/local/ssl/certs --disable-pthreads
> --disable-threaded-resolver --enable-ipv6
>
> Thanks in advance,
> Randall
>
> --
> Brief whoami: NonStop&UNIX developer since approximately
> UNIX(421664400)
> NonStop(211288444200000000)
> -- In real life, I talk too much.
I strongly suggest against this approach. There are buggy CPUs with buggy rdrand; there are a number of pitfalls. Most current operating systems have either getentropy, getrandom, arc4random or a documented platform-specific RNG. USE THAT INSTEAD. If there is really only rdrand (I really doubt that) on this exotic system, google "fast key erasure rng AES-NI"; something like https://github.com/jedisct1/aes-stream should do it.
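The reply's recommendation (draw random bytes from the operating system's documented interface and never silently fall back to a hardware instruction or a user-space generator) as an added example. This is not code from curl, OpenSSL or the aes-stream project; it assumes a libc that exposes getrandom(2) on Linux or getentropy(2) on the BSDs and macOS, and on any other platform it fails closed with ENOSYS rather than improvising.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>
#if defined(__linux__)
#include <sys/random.h>
#endif

/* Fill buf with n bytes from the operating system's CSPRNG.
 * Returns 0 on success, -1 on failure (errno set). Fails closed: there is
 * no fallback to rdrand or to a home-grown user-space generator. */
int os_random_bytes(unsigned char *buf, size_t n)
{
#if defined(__linux__)
    /* getrandom(2) may return fewer bytes than asked, or EINTR: loop. */
    while (n > 0) {
        ssize_t got = getrandom(buf, n, 0);
        if (got < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        buf += got;
        n -= (size_t)got;
    }
    return 0;
#elif defined(__APPLE__) || defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__NetBSD__)
    /* getentropy(2) serves at most 256 bytes per call: loop over chunks. */
    while (n > 0) {
        size_t chunk = n > 256 ? 256 : n;
        if (getentropy(buf, chunk) != 0)
            return -1;
        buf += chunk;
        n -= chunk;
    }
    return 0;
#else
    /* No documented OS interface known for this platform: refuse. */
    (void)buf;
    (void)n;
    errno = ENOSYS;
    return -1;
#endif
}

/* Guard against the one obvious failure mode of a broken generator,
 * all-zero output. This is not a randomness test, only a sanity check. */
int buffer_is_all_zero(const unsigned char *buf, size_t n)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= buf[i];
    return acc == 0;
}

/* Draw two 32-byte values; return 1 if both were obtained, are non-zero
 * and differ from each other, 0 otherwise. */
int self_check(void)
{
    unsigned char a[32], b[32];
    if (os_random_bytes(a, sizeof a) != 0)
        return 0;
    if (os_random_bytes(b, sizeof b) != 0)
        return 0;
    if (buffer_is_all_zero(a, sizeof a) || buffer_is_all_zero(b, sizeof b))
        return 0;
    return memcmp(a, b, sizeof a) != 0;
}

int main(void)
{
    return self_check() ? 0 : 1;
}
```

The point of the `#else` branch is the design choice the reply argues for: when the platform offers no documented source, the caller gets an error it must handle, instead of bytes of unknown quality.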