VOTE Apply PR#9084 reverting DEVRANDOM_WAIT
Kurt Roeckx
kurt at roeckx.be
Fri Jun 7 22:48:39 UTC 2019
On Fri, Jun 07, 2019 at 07:01:30PM +0000, Salz, Rich wrote:
>
> > The kernel actually already does this in recent versions, if
> > configured to do it.
>
> "The" kernel. Which one is that? Which operating system?
>
> Modern Linux is fine. Is that all we care about?
This whole discussion has only been about Linux; we only define
DEVRANDOM_WAIT on Linux.
I think all other OSs have a sane /dev/urandom, but I'm not sure
about NetBSD.
> 1.1.1c made Solaris (and possibly others) more secure. I would be disappointed if 1.1.1d took that away and tried to rationalize that "it's not my job." *YOU'RE A CRYPTOGRAPHIC LIBRARY*
Do you have a reference that Solaris allows reading from
/dev/urandom before it's been initialized?
Kurt