Revert the DEVRANDOM_WAIT feature #9084
Conversation
873e0c9 to
de3fe09
Compare
|
+1 on the patch - but explicitly not actually approving it - leaving it open for other comments |
|
This pull request inherits the '-1' added by @paulidale to issue #9078. |
|
I added the [hold] label until the OMC vote is decided. My suggestion would be to go through a regular review process and as soon as it has two OMC approvals, one of them could initiate a vote on it. Is that ok? |
|
The process is covered - basically anyone on the OMC can place a -1 on an item and that requires a vote to clear the -1 (or the person placing the -1 can themselves remove it). Anyone on the OMC can call for a vote to decide the issue. There is no time frame specified for when the vote is called or a requirement to ever call a vote (nor should there be). |
|
Ok, thanks for the clarification. |
|
Thanks @t-j-h for the clarification. |
|
-1 (Just to make it clear this needs a vote) |
The DEVRANDOM_WAIT feature added a select() call to wait for the `/dev/random` device to become readable before reading from the `/dev/urandom` device. It was introduced in commit 38023b8 in order to mitigate the fact that the `/dev/urandom` device does not block until the initial seeding of the kernel CSPRNG has completed, contrary to the behaviour of the `getrandom()` system call. It turned out that this change had negative side effects on the performance which were not acceptable. After some discussion it was decided to revert this feature and leave it up to the OS resp. the platform maintainer to ensure a proper initialization during early boot time. Fixes openssl#9078 This partially reverts commit 38023b8.
de3fe09 to
c19c5a6
Compare
|
Rebased without changes in order to pick up the doc-nit fix (b1f6925). |
|
So is anyone of the @openssl/omc members willing to support this reversal of the |
I haven't yet decided how I will vote. I will leave the calling of the vote to someone else. |
|
I have just called for the OMC vote on approving this PR. |
|
Preempting @t-j-h the vote has passed and this PR is good to merge after appropriate review. |
|
Thank you, your decision was made faster than I expected. I'd still like to add the two CHANGES entries, but I am travelling today. Hope I will be able to do it late this evening or tomorrow. |
|
It turned out to be simpler to create a separate pull request for 1.1.1 which contains the cherry-pick and adds the CHANGES entries. @t-j-h @vdukhovni please take a look at #9118. |
|
I'll merge this pr together with #9118, as soon as both are approved. |
The DEVRANDOM_WAIT feature added a select() call to wait for the `/dev/random` device to become readable before reading from the `/dev/urandom` device. It was introduced in commit 38023b8 in order to mitigate the fact that the `/dev/urandom` device does not block until the initial seeding of the kernel CSPRNG has completed, contrary to the behaviour of the `getrandom()` system call. It turned out that this change had negative side effects on performance which were not acceptable. After some discussion it was decided to revert this feature and leave it up to the OS resp. the platform maintainer to ensure a proper initialization during early boot time. Fixes #9078 This partially reverts commit 38023b8. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from #9084)
Original commit message:
Revert the DEVRANDOM_WAIT feature
The DEVRANDOM_WAIT feature added a select() call to wait for the
`/dev/random` device to become readable before reading from the
`/dev/urandom` device. It was introduced in commit 38023b8
in order to mitigate the fact that the `/dev/urandom` device
does not block until the initial seeding of the kernel CSPRNG
has completed, contrary to the behaviour of the `getrandom()`
system call.
It turned out that this change had negative side effects on the
performance which were not acceptable. After some discussion it
was decided to revert this feature and leave it up to the OS
resp. the platform maintainer to ensure a proper initialization
during early boot time.
Fixes 9078
This partially reverts commit 38023b8.
Refs: openssl/openssl#9084
Fixes: nodejs#28932
Original commit message:
Revert the DEVRANDOM_WAIT feature
The DEVRANDOM_WAIT feature added a select() call to wait for the
`/dev/random` device to become readable before reading from the
`/dev/urandom` device. It was introduced in commit 38023b8
in order to mitigate the fact that the `/dev/urandom` device
does not block until the initial seeding of the kernel CSPRNG
has completed, contrary to the behaviour of the `getrandom()`
system call.
It turned out that this change had negative side effects on the
performance which were not acceptable. After some discussion it
was decided to revert this feature and leave it up to the OS
resp. the platform maintainer to ensure a proper initialization
during early boot time.
Fixes 9078
This partially reverts commit 38023b8.
Refs: openssl/openssl#9084
Fixes: #28932
PR-URL: #28983
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
It was deleted in openssl/openssl#9084 It corrupts the stack: openssl/openssl#9686 Note: mandatory check (NEED_CHECK) was skipped ref:23dc8df65263efcb9cc1e95187a6597a15c60e49
The DEVRANDOM_WAIT feature added a select() call to wait for the
/dev/randomdevice to become readable before reading from the/dev/urandomdevice. It was introduced in commit 38023b8in order to mitigate the fact that the
/dev/urandomdevicedoes not block until the initial seeding of the kernel CSPRNG
has completed, contrary to the behaviour of the
getrandom()system call.
It turned out that this change had negative side effects on the
performance which were not acceptable. After some discussion it
was decided to revert this feature and leave it up to the OS
resp. the platform maintainer to ensure a proper initialization
during early boot time.
Fixes #9078
This partially reverts commit 38023b8.
Checklist