Re: VOTE Apply PR#9084 reverting DEVRANDOM_WAIT

Dr. Matthias St. Pierre Matthias.St.Pierre at ncp-e.com
Fri Jun 7 18:06:02 UTC 2019


> Introducing DEVRANDOM_WAIT didn't cause any change for us, because
> we use getentropy(), and a recent kernel. But even systems that
> use getentropy() with an older kernel can have a large delay after
> boot.

Yes, but that's the crucial difference IMHO: while getentropy() blocks once
during the early boot phase until its initial seeding completes, the DEVRANDOM_WAIT
approach will block several times, depending on how much the other processes drain
the /dev/random device.

Matthias


> -----Original Message-----
> From: openssl-project <openssl-project-bounces at openssl.org> On Behalf Of Kurt Roeckx
> Sent: Friday, June 7, 2019 19:52
> To: Tomas Mraz <tmraz at redhat.com>
> Cc: openssl-project at openssl.org
> Subject: Re: VOTE Apply PR#9084 reverting DEVRANDOM_WAIT
> 
> On Fri, Jun 07, 2019 at 10:18:32AM +0200, Tomas Mraz wrote:
> >
> > From the point of view of distribution maintainer of OpenSSL I would
> > say what we had in 1.1.1 before the introduction of DEVRANDOM_WAIT had
> > no real problems for us.
> 
> Introducing DEVRANDOM_WAIT didn't cause any change for us, because
> we use getentropy(), and a recent kernel. But even systems that
> use getentropy() with an older kernel can have a large delay after
> boot.
> 
> 
> Kurt


