From 247b8a0b7d784821590898a1f0534af92ec238eb Mon Sep 17 00:00:00 2001 From: "Dr. Matthias St. Pierre" Date: Sun, 9 Jun 2019 02:13:48 +0200 Subject: [PATCH] Add CHANGES entries for the DEVRANDOM_WAIT feature and its removal Reviewed-by: Tim Hudson Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/9118) --- CHANGES | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 1fbea53682..c5cd38b6fd 100644 --- a/CHANGES +++ b/CHANGES @@ -9,7 +9,17 @@ Changes between 1.1.1c and 1.1.1d [xx XXX xxxx] - *) + *) Revert the DEVRANDOM_WAIT feature for Linux systems + + The DEVRANDOM_WAIT feature added a select() call to wait for the + /dev/random device to become readable before reading from the + /dev/urandom device. + + It turned out that this change had negative side effects on + performance which were not acceptable. After some discussion it + was decided to revert this feature and leave it up to the OS + resp. the platform maintainer to ensure a proper initialization + during early boot time. Changes between 1.1.1b and 1.1.1c [28 May 2019] @@ -79,6 +89,16 @@ (CVE-2019-1543) [Matt Caswell] + *) Add DEVRANDOM_WAIT feature for Linux systems + + On older Linux systems where the getrandom() system call is not available, + OpenSSL normally uses the /dev/urandom device for seeding its CSPRNG. + Contrary to getrandom(), the /dev/urandom device will not block during + early boot when the kernel CSPRNG has not been seeded yet. + + To mitigate this known weakness, use select() to wait for /dev/random to + become readable before reading from /dev/urandom. + *) Ensure that SM2 only uses SM3 as digest algorithm [Paul Yang] -- 2.25.1
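Review bot: The new 1.1.1d entry ("Revert the DEVRANDOM_WAIT feature for Linux systems") explains the performance reason for the revert but not the security trade-off it reinstates: the 1.1.1c entry in the same patch states that /dev/urandom, unlike getrandom(), does not block during early boot before the kernel CSPRNG is seeded, so after the revert OpenSSL on kernels without getrandom() can again seed from /dev/urandom before the kernel pool is initialized. Suggest one sentence making that explicit, so that readers of CHANGES understand what "leave it up to the OS resp. the platform maintainer" means in practice; also replace "resp." with "or" for readability, and close the entry with an attribution line in square brackets as the surrounding entries do (e.g. "[Matthias St. Pierre]", matching the patch author).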
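Review bot: The entry added under "Changes between 1.1.1b and 1.1.1c [28 May 2019]" ("Add DEVRANDOM_WAIT feature for Linux systems") is missing the trailing attribution line that the neighbouring entries carry ("[Matt Caswell]", "[Paul Yang]"); add one for consistency. Since this entry is being backfilled into an already released section, it would also help to state in the text that the feature shipped in 1.1.1c and is reverted in 1.1.1d (as the first hunk records), so that a reader of the 1.1.1c section alone does not assume the select() wait is still present in later releases.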