> Okay first I'll show the changes that I've made to the source code and
> build setup for "libopenssl".
I added one more change: I added to the beginning of the function
"OPENSSL_init_crypto" these two lines:
opts &= ~(uint64_t)OPENSSL_INIT_NO_LOAD_CONFIG;
opts |= OPENSSL_IN
Okay first I'll show the changes that I've made to the source code and
build setup for "libopenssl".
I have added two compiler flags: OPENSSL_NO_RDRAND, OPENSSL_LOAD_CONFIG
Note that the following compiler flag is NOT set:
OPENSSL_NO_AUTOLOAD_CONFIG
And here are the source code changes:
(1)
Since I already have a well-formed config file, I think it would be a
minimalistic change to hijack the "OPENSSL_noconfig" function (instead of
changing the code for Init).
But your idea could work too. Even if I do implement your idea though, I
will still remove the random number generation routi
If you are changing openssl, why not just change the init function to load your
engine and abort/exit/fail if it doesn’t load?
>> int OPENSSL_config(void)
>> {
>> return OPENSSL_config();
>> }
That first line should be:
int OPENSSL_noconfig(void)
I have a config file, "/etc/ssl/openssl.cnf". This config file gives the
details of an engine to use for random number generation. I know that this
config file is well-formed because I have confirmed that it uses my engine
when I try to use the "openssl" utility at the command line to generate a
ra