[openssl-dev] Work on a new RNG for OpenSSL

Paul Kehrer paul.l.kehrer at gmail.com
Wed Aug 16 23:41:44 UTC 2017


Great news and congratulations to everyone on landing this work.

I see that the RNG is now capable of automatically reseeding itself on
fork, which will be a huge win for applications that aren't rigorous
about doing so themselves (read: most of them). However, it appears
that OPENSSL_INIT_ATFORK is not set as an option when OpenSSL calls
OPENSSL_init_crypto. Would it be possible to make this default? This
would be a large improvement in terms of protecting applications
linking against OpenSSL.

-Paul Kehrer (reaperhulk)

On Mon, Aug 14, 2017 at 10:45 AM, Salz, Rich via openssl-dev
<openssl-dev at openssl.org> wrote:
> Thanks everyone for the discussion (mainly in June) about this.  There’s a
> blog post describing what we’ve done for the 1.1.1 release:
> https://www.openssl.org/blog/blog/2017/08/12/random/
>
>
>
>
> --
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>


More information about the openssl-dev mailing list