Started on this in rt46047:

> > 1) when built with --enable-crypto-rand, "crypto" is used instead of
> > "openssl" or "pkcs11" to indicate use of the crypto library random
> > number generator

Instead of "crypto", I decided "random-device none;" or leaving the -r option blank would specify the default behavior.

> > 2) when built with --enable-crypto-rand, random-device defaults to
> > "crypto"

The default in config.c is now "none" when built with crypto-rand

> > 3) when overridden with -r or the random-device option, crypto-rand is
> > fully disabled, and a file source is used in its place.

"Fully disabled" is not the case -- openssl still uses its own built-in entropy source. On further thought, this is probably fine, but also note...

> > 5) improve comments and write some developer doc that does a better
> > job explaining how the RNG/PRNG functions interrelate

In the ARM we need to be very clear about *exactly* what behavior changes when specifying the -r or random-device options.