Skip to content
Browse files

openssl11: Revert the DEVRANDOM_WAIT feature

The DEVRANDOM_WAIT feature added a select() call to wait for the
`/dev/random` device to become readable before reading from the
`/dev/urandom` device. It was introduced in commit 38023b87f037
in order to mitigate the fact that the `/dev/urandom` device
does not block until the initial seeding of the kernel CSPRNG
has completed, contrary to the behaviour of the `getrandom()`
system call.

It turned out that this change had negative side effects on
performance which were not acceptable. After some discussion it
was decided to revert this feature and leave it up to the OS
resp. the platform maintainer to ensure a proper initialization
during early boot time.

Fixes #9078

This partially reverts commit 38023b87f037.

Reviewed-by: Tim Hudson <>
Reviewed-by: Viktor Dukhovni <>

(cherry picked from commit a08714e18131b1998faa0113e5bd4024044654ac)

(Merged from openssl/openssl#9118)
  • Loading branch information...
mspncp authored and themiron committed Jun 5, 2019
1 parent f2972c5 commit eac9723ad503e36b527200c8b1631fa004ea2090
@@ -510,29 +510,6 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool)
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
size_t i;
static int wait_done = 0;

* On some implementations reading from /dev/urandom is possible
* before it is initialized. Therefore we wait for /dev/random
* to be readable to make sure /dev/urandom is initialized.
if (!wait_done && bytes_needed > 0) {

if (f >= 0) {
fd_set fds;

FD_SET(f, &fds);
while (select(f+1, &fds, NULL, NULL, NULL) < 0
&& errno == EINTR);
wait_done = 1;

for (i = 0; bytes_needed > 0 && i < OSSL_NELEM(random_device_paths); i++) {
ssize_t bytes = 0;
@@ -28,9 +28,6 @@
* default, we will try to read at least one of these files
# define DEVRANDOM "/dev/urandom", "/dev/random", "/dev/hwrng", "/dev/srandom"
# ifdef __linux
# define DEVRANDOM_WAIT "/dev/random"
# endif
# endif
# if !defined(OPENSSL_NO_EGD) && !defined(DEVRANDOM_EGD)

0 comments on commit eac9723

Please sign in to comment.
You can’t perform that action at this time.