From: Dr. Matthias St. Pierre Date: Sun, 9 Jun 2019 00:13:48 +0000 (+0200) Subject: Add CHANGES entries for the DEVRANDOM_WAIT feature and its removal X-Git-Tag: OpenSSL_1_1_1d~149 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=247b8a0b7d784821590898a1f0534af92ec238eb;p=oweals%2Fopenssl.git Add CHANGES entries for the DEVRANDOM_WAIT feature and its removal Reviewed-by: Tim Hudson Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/9118) --- diff --git a/CHANGES b/CHANGES index 1fbea53682..c5cd38b6fd 100644 --- a/CHANGES +++ b/CHANGES @@ -9,7 +9,17 @@ Changes between 1.1.1c and 1.1.1d [xx XXX xxxx] - *) + *) Revert the DEVRANDOM_WAIT feature for Linux systems + + The DEVRANDOM_WAIT feature added a select() call to wait for the + /dev/random device to become readable before reading from the + /dev/urandom device. + + It turned out that this change had negative side effects on + performance which were not acceptable. After some discussion it + was decided to revert this feature and leave it up to the OS + resp. the platform maintainer to ensure a proper initialization + during early boot time. Changes between 1.1.1b and 1.1.1c [28 May 2019] @@ -79,6 +89,16 @@ (CVE-2019-1543) [Matt Caswell] + *) Add DEVRANDOM_WAIT feature for Linux systems + + On older Linux systems where the getrandom() system call is not available, + OpenSSL normally uses the /dev/urandom device for seeding its CSPRNG. + Contrary to getrandom(), the /dev/urandom device will not block during + early boot when the kernel CSPRNG has not been seeded yet. + + To mitigate this known weakness, use select() to wait for /dev/random to + become readable before reading from /dev/urandom. + *) Ensure that SM2 only uses SM3 as digest algorithm [Paul Yang]
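Review bot: the new 1.1.1d entry "Revert the DEVRANDOM_WAIT feature for Linux systems" (hunk @@ -9,7 +9,17 @@) has no author attribution line, unlike the neighbouring entries in this file ("[Matt Caswell]", "[Paul Yang]"); add a "[Name]" line after the last paragraph. Two wording points in the same entry: "leave it up to the OS resp. the platform maintainer" reads as a Germanism, "leave it up to the OS or the platform maintainer" is clearer; and since the feature's own entry only appears further down under 1.1.1c, it would help readers scanning the 1.1.1d section to say explicitly that the select() wait was introduced in 1.1.1c, so they know exactly which release had it.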
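Review bot: the second hunk (@@ -79,6 +89,16 @@) adds an entry to the already-released 1.1.1c section ("Changes between 1.1.1b and 1.1.1c [28 May 2019]") after the fact, which is fine for the record, but like the first hunk it lacks the "[Name]" attribution line that the entries around it carry; add one. The closing sentence, "To mitigate this known weakness, use select() to wait for /dev/random to become readable before reading from /dev/urandom.", is phrased as an imperative and reads like advice to the user rather than a description of what 1.1.1c did; "OpenSSL uses select() to wait ..." would match the descriptive voice of the surrounding entries. A short note that this behaviour was reverted in 1.1.1d (the first hunk) would also stop readers of the 1.1.1c section from assuming the wait is still in effect.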