VOTE Apply PR#9084 reverting DEVRANDOM_WAIT
Matthias St. Pierre
Matthias.St.Pierre at ncp-e.com
Fri Jun 7 09:09:45 UTC 2019
On 07.06.19 10:45, Tomas Mraz wrote:
>
>> From the point of view of distribution maintainer of OpenSSL I would
>> say what we had in 1.1.1 before the introduction of DEVRANDOM_WAIT
>> had
>> no real problems for us.
> And to clarify myself - we have no problem with the DEVRANDOM_WAIT
> introduction either as the -DDEVRANDOM=/dev/urandom works nicely for
> us.
>
Thomas' solution works, but it is not more than a workaround,
a hack which is exploiting the fact that the DEVRANDOM_WAIT
code is placed inside an `# ifndef DEVRANDOM`.
See the discussion on openssl-users:
https://mta.openssl.org/pipermail/openssl-users/2019-May/010585.html
https://mta.openssl.org/pipermail/openssl-users/2019-May/010593.html
https://mta.openssl.org/pipermail/openssl-users/2019-May/010595.html
If desired, I can provide an alternative (competing) pull request which
makes the DEVRANDOM_WAIT feature configurable in a proper and
reasonable way. The default will be whatever the OMC decides.
Matthias
More information about the openssl-project
mailing list