> Introducing DEVRANDOM_WAIT didn't cause any change for us, because > we use getentropy(), and a recent kernel. But even systems that > use getentropy() with an older kernel can have a large delay after > boot.
Yes, but that's the crucial difference IMHO: while getentropy() on blocks once during the early boot phase until its initial seeding completes, the DEVRANDOM_WAIT approach will block several times, depending on how much the other processes drain the /dev/random device. Matthias > -----Ursprüngliche Nachricht----- > Von: openssl-project <openssl-project-boun...@openssl.org> Im Auftrag von > Kurt Roeckx > Gesendet: Freitag, 7. Juni 2019 19:52 > An: Tomas Mraz <tm...@redhat.com> > Cc: openssl-project@openssl.org > Betreff: Re: VOTE Apply PR#9084 reverting DEVRANDOM_WAIT > > On Fri, Jun 07, 2019 at 10:18:32AM +0200, Tomas Mraz wrote: > > > > From the point of view of distribution maintainer of OpenSSL I would > > say what we had in 1.1.1 before the introduction of DEVRANDOM_WAIT had > > no real problems for us. > > Introducing DEVRANDOM_WAIT didn't cause any change for us, because > we use getentropy(), and a recent kernel. But even systems that > use getentropy() with an older kernel can have a large delay after > boot. > > > Kurt