On Fri, Jun 07, 2019 at 11:09:45AM +0200, Matthias St. Pierre wrote:

> See the discussion on openssl-users:
>
> https://mta.openssl.org/pipermail/openssl-users/2019-May/010585.html
> https://mta.openssl.org/pipermail/openssl-users/2019-May/010593.html
> https://mta.openssl.org/pipermail/openssl-users/2019-May/010595.html
>
> If desired, I can provide an alternative (competing) pull request which
> makes the DEVRANDOM_WAIT feature configurable in a proper and
> reasonable way. The default will be whatever the OMC decides.

I think that having the RNG behaviour capriciously different on different systems based on the whims of whoever built the library for that system is not a good idea.

OpenSSL should provide an RNG that does not block "unexpectedly", indefinitely, and unpredictably. Where "unexpectedly" means except possibly early at boot time, but ideally waiting for boot-time entropy is something that systemd and the like take care of, and application start scripts can just register a dependency on some sort of "entropy" service, whose successful initialization is sufficient to ensure adequately secure non-blocking seeding of applications via one of getentropy(), getrandom(), /dev/urandom...

That is, I'd expect most of the work for ensuring adequate entropy to happen outside libcrypto, except for perhaps enabling some additional sources that may be available on various systems.

--
Viktor.