[openssl] OpenSSL_1_1_1-stable update
Dr. Paul Dale
pauli at openssl.org
Thu Aug 29 21:58:10 UTC 2019
The branch OpenSSL_1_1_1-stable has been updated
via f493bd6f94c646ba1d96d95f4e5c2a828c668f42 (commit)
from 51e236df41871871dabd2f5f7156e27a0eef3b3b (commit)
- Log -----------------------------------------------------------------
commit f493bd6f94c646ba1d96d95f4e5c2a828c668f42
Author: Pauli <paul.dale at oracle.com>
Date: Fri Aug 30 07:29:35 2019 +1000
Fix NITs in comments and CHANGES for DEVRANDOM seeded check.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9734)
(cherry picked from commit 46a9cc9451213039fd53f62733b2ccd04e853bb2)
-----------------------------------------------------------------------
Summary of changes:
CHANGES | 9 +++++++++
crypto/rand/rand_unix.c | 4 ++--
2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/CHANGES b/CHANGES
index 4f979c4826..42504be4ac 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,15 @@
Changes between 1.1.1c and 1.1.1d [xx XXX xxxx]
+ *) Early start up entropy quality from the DEVRANDOM seed source has been
+ improved for older Linux systems. The RAND subsystem will wait for
+ /dev/random to be producing output before seeding from /dev/urandom.
+ The seeded state is stored for future library initialisations using
+ a system global shared memory segment. The shared memory identifier
+ can be configured by defining OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID to
+ the desired value. The default identifier is 114.
+ [Paul Dale]
+
*) Early start up entropy quality from the DEVRANDOM seed source has been
improved for older Linux systems. The RAND subsystem will wait for
/dev/random to be producing output before seeding from /dev/urandom.
diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index 258fef7eb0..e57b6dd893 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -388,7 +388,7 @@ static int wait_random_seeded(void)
fd_set fds;
if (!seeded) {
- /* See if anthing has created the global seeded indication */
+ /* See if anything has created the global seeded indication */
if ((shm_id = shmget(OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID, 1, 0)) == -1) {
/*
* Check the kernel's version and fail if it is too recent.
@@ -422,7 +422,7 @@ static int wait_random_seeded(void)
close(fd);
if (r == 1) {
seeded = 1;
- /* Craete the shared memory indicator */
+ /* Create the shared memory indicator */
shm_id = shmget(OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID, 1,
IPC_CREAT | S_IRUSR | S_IRGRP | S_IROTH);
}
More information about the openssl-commits
mailing list