Re: Support getrandom() for pg_strong_random() source

> On 23 Jul 2025, at 19:11, Jacob Champion <jacob.champion@enterprisedb.com> wrote:

> .. maybe the pendulum has swung far enough that we can expect any
> kernel supporting getentropy() to be able to do the job just as well
> as OpenSSL does in userspace, except also faster? I think it might be
> worth a discussion.

There has in the past been discussions (at least off-list in hallway tracks)
about allowing randomness to be chosen separately from underlying factors such
as OpenSSL support, at the time it didn't seem worth the trouble but that may
well have changed.

With OpenSSL 1.1.1 being the baseline we can also make use of the _priv_bytes
functions to get increased isolation.

--
Daniel Gustafsson