On Wed, Aug 23, 2017 at 05:12:56PM -0400, Paul Kehrer wrote:
> On August 19, 2017 at 2:48:19 AM, Salz, Rich via openssl-dev (
> openssl-dev@openssl.org) wrote:
>
> I think the safest thing is for us to not change the default. Programs that
> know they are going to fork can do the right/safe thing. It would be nicer
> if we could automatically always do the right thing, but I don’t think it’s
> possible.
>
> It appears the current position is that since there will be edge cases
> where a reseed would fail (thus either halting the RNG or silently not
> reseeding it) that we should not attempt to reseed? I would argue it is
> better to attempt to reseed and document that edge cases may need to reseed
> themselves. This dramatically narrows the window from "everybody needs to
> do it" to "users in certain scenarios that are becoming rarer by the day
> need to do it". Given that backwards compatibility is a concern maybe
> failure to reseed on fork should only drop an error on the child process's
> error queue though? That behavior could potentially be a separate flag that
> OpenSSL uses by default (OPENSSL_TRY_TO_INIT_ATFORK), and then
> OPENSSL_INIT_ATFORK can be more strict about reseed failures if desired.
An idea that I had was to default to reseed on fork if we know we have a working syscall.

Kurt
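The hazard the thread is about, and the behaviour Paul proposes (reseed in the child by default, and record rather than raise a reseed failure), can be made concrete in a small Python model. This is an added example, not OpenSSL code and not anything from the thread: `ToyRng` is a constructed hash-based generator used only so the duplicated output is observable (it is not a CSPRNG), `RNG`, `outputs_collide` and `fork_and_draw` are hypothetical names, and `os.register_at_fork` stands in for the `pthread_atfork` child handler that `OPENSSL_INIT_ATFORK` would install.

```python
import hashlib
import os


class ToyRng:
    """Deterministic hash-based generator used only to make the fork hazard
    observable (constructed for this example; not a CSPRNG, not OpenSSL's DRBG)."""

    def __init__(self, seed: bytes, auto_reseed: bool = True):
        self.state = hashlib.sha256(seed).digest()
        self.counter = 0
        self.auto_reseed = auto_reseed   # models "reseed on fork by default"
        self.reseed_error = None         # models an error queued in the child instead of aborting

    def random_bytes(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.counter += 1
            out += hashlib.sha256(self.state + self.counter.to_bytes(8, "big")).digest()
        return out[:n]

    def reseed(self, entropy: bytes) -> None:
        self.state = hashlib.sha256(self.state + entropy).digest()
        self.counter = 0

    def reseed_from_os(self) -> bool:
        """Mix in fresh OS entropy plus the new pid. A failure is recorded on the
        instance and reported by the return value, not raised, so the child keeps running."""
        try:
            entropy = os.urandom(32)
        except OSError as exc:
            self.reseed_error = exc
            return False
        self.reseed(entropy + os.getpid().to_bytes(4, "big"))
        return True


# One process-wide generator, as a library would keep (hypothetical global).
RNG = ToyRng(b"constructed initial seed")


def _after_fork_in_child() -> None:
    # Runs only in the child: the Python analogue of a pthread_atfork child handler.
    if RNG.auto_reseed:
        RNG.reseed_from_os()


os.register_at_fork(after_in_child=_after_fork_in_child)


def fork_and_draw(rng: ToyRng, n: int = 16) -> tuple:
    """Fork; the child draws n bytes and sends them to the parent over a pipe,
    then the parent draws n bytes itself. Returns (parent_bytes, child_bytes)."""
    read_fd, write_fd = os.pipe()
    pid = os.fork()
    if pid == 0:                       # child
        os.close(read_fd)
        try:
            with os.fdopen(write_fd, "wb") as pipe_out:
                pipe_out.write(rng.random_bytes(n))
        finally:
            os._exit(0)                # never fall through into the parent's code path
    os.close(write_fd)                 # parent
    with os.fdopen(read_fd, "rb") as pipe_in:
        child_bytes = pipe_in.read()
    os.waitpid(pid, 0)
    return rng.random_bytes(n), child_bytes


def outputs_collide(auto_reseed: bool) -> bool:
    """True if parent and child produce identical output after a fork."""
    RNG.auto_reseed = auto_reseed
    parent_bytes, child_bytes = fork_and_draw(RNG)
    return parent_bytes == child_bytes


if __name__ == "__main__":
    print("no reseed on fork -> identical output:", outputs_collide(False))
    print("reseed on fork    -> identical output:", outputs_collide(True))
```

With `auto_reseed=False` the child inherits the parent's generator state byte for byte and both sides emit the same output, which is the "everybody who forks must reseed" situation; with the hook enabled the child reseeds before it can draw, and a failure of the entropy source leaves `reseed_error` set in the child instead of terminating it, matching the "drop an error on the child's error queue" variant rather than the strict one.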