author | Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> | 2019-06-09 02:13:48 +0200 |
---|---|---|
committer | Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> | 2019-06-09 09:54:14 +0200 |
commit | 247b8a0b7d784821590898a1f0534af92ec238eb | |
tree | b9953f694dd74fff2292552b7358365009b88d2f /CHANGES | |
parent | ad416c80581c181f3c96f47c670626bf3ff58410 | |
Add CHANGES entries for the DEVRANDOM_WAIT feature and its removal
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9118)
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 22 |
1 files changed, 21 insertions, 1 deletions
@@ -9,7 +9,17 @@ Changes between 1.1.1c and 1.1.1d [xx XXX xxxx] - *) + *) Revert the DEVRANDOM_WAIT feature for Linux systems + + The DEVRANDOM_WAIT feature added a select() call to wait for the + /dev/random device to become readable before reading from the + /dev/urandom device. + + It turned out that this change had negative side effects on + performance which were not acceptable. After some discussion it + was decided to revert this feature and leave it up to the OS + resp. the platform maintainer to ensure a proper initialization + during early boot time. Changes between 1.1.1b and 1.1.1c [28 May 2019] @@ -79,6 +89,16 @@ (CVE-2019-1543) [Matt Caswell] + *) Add DEVRANDOM_WAIT feature for Linux systems + + On older Linux systems where the getrandom() system call is not available, + OpenSSL normally uses the /dev/urandom device for seeding its CSPRNG. + Contrary to getrandom(), the /dev/urandom device will not block during + early boot when the kernel CSPRNG has not been seeded yet. + + To mitigate this known weakness, use select() to wait for /dev/random to + become readable before reading from /dev/urandom. + *) Ensure that SM2 only uses SM3 as digest algorithm [Paul Yang] |
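Review bot: In the first hunk (the 1.1.1d section), the revert entry never says what the revert means for seeding; it stops at "leave it up to the OS resp. the platform maintainer to ensure a proper initialization during early boot time." A reader of the 1.1.1d notes alone cannot tell that this concerns Linux systems without getrandom(), where OpenSSL reads /dev/urandom, which does not block before the kernel CSPRNG is seeded. I would repeat that one sentence from the 1.1.1c entry here so the residual risk is visible in the release where it returns. Minor: "resp." is not idiomatic English, "or" reads better. The entry also has no closing [author] line, unlike the neighbouring entries ending in [Matt Caswell] and [Paul Yang].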
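Review bot: In the second hunk (the 1.1.1c section), the last sentence "To mitigate this known weakness, use select() to wait for /dev/random to become readable before reading from /dev/urandom." is written in the imperative, so it reads as advice to the application developer rather than a description of what the library does. Suggest "OpenSSL now uses select() to wait for ..." so it is clear the wait happens inside the library's seeding path. The entry also ends without an [author] attribution line, while the surrounding entries carry one ([Matt Caswell], [Paul Yang]). Since this entry is added to an already released section (dated 28 May 2019) and the feature is reverted in the very next section, a short cross-reference to the 1.1.1d revert entry would keep readers of the 1.1.1c notes from assuming the wait is still in place.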