[openssl-dev] Work on a new RNG for OpenSSL

Salz, Rich rsalz at akamai.com
Thu Aug 17 12:22:07 UTC 2017


I understand the concern.  The issue I am wrestling with is strict compatibility with the existing code.  Does anyone really *want* the RNGs to not reseed on fork?  It’s hard to imagine, but maybe somewhere someone is.  And then it’s not about just reseeding, but what about when (if) we add other things, like whether or not the secure arena gets zeroed in a child?

So let me phrase it this way:  does anyone object to changing the default so NO_ATFORK must be used to avoid the reseeding and other things we might add later?

    By the way I noticed that openssl_init_fork_handlers() is not guarded by
    RUN_ONCE(). This should be fixed, too.
    
Yeah, I’ll fix that; thanks.
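
Added example, not part of the original message and not OpenSSL's code: why a fork-handler initializer needs a run-once guard, and how a child-side handler can flag an RNG for reseeding. It assumes POSIX pthread_atfork(), uses pthread_once() as a stand-in for RUN_ONCE(), and every function and variable name is hypothetical.

```c
/* Added example: all names here are hypothetical, not OpenSSL's. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <pthread.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

static pthread_once_t fork_once = PTHREAD_ONCE_INIT;
static int child_handler_runs;  /* child-handler invocations in this process */
static int needs_reseed;        /* set only in a forked child */

static void on_fork_child(void) { child_handler_runs++; needs_reseed = 1; }

/* pthread_atfork() appends: every call registers another copy of the handler. */
static void register_handlers(void) { pthread_atfork(NULL, NULL, on_fork_child); }

void init_fork_handlers_unguarded(void) { register_handlers(); }
void init_fork_handlers_once(void) { pthread_once(&fork_once, register_handlers); }

/* Returns 1 (and clears the flag) if this process is a fresh fork child. */
int rng_must_reseed(void) { int r = needs_reseed; needs_reseed = 0; return r; }

/* Fork and report how many times the child handler ran inside the child. */
int handler_runs_in_child(void)
{
    int status;
    pid_t pid;
    child_handler_runs = 0;
    pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(rng_must_reseed() ? child_handler_runs : 0);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    init_fork_handlers_once();
    init_fork_handlers_once();
    printf("guarded, called twice: %d run(s) per fork\n", handler_runs_in_child());
    init_fork_handlers_unguarded();
    init_fork_handlers_unguarded();
    printf("plus two unguarded:    %d run(s) per fork\n", handler_runs_in_child());
    printf("parent must reseed:    %d\n", rng_must_reseed());
    return 0;
}
```

Registered atfork handlers cannot be removed, so each unguarded initializer call permanently adds one more handler invocation to every later fork in the process.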


