Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[v10.x] deps:openssl: cherry-pick c19c5a6 from upstream #28983

Closed
wants to merge 1 commit into from

Conversation

@ofrobots
Copy link
Contributor

commented Aug 5, 2019

Original commit message:

Revert the DEVRANDOM_WAIT feature

The DEVRANDOM_WAIT feature added a select() call to wait for the
`/dev/random` device to become readable before reading from the
`/dev/urandom` device. It was introduced in commit 38023b8
in order to mitigate the fact that the `/dev/urandom` device
does not block until the initial seeding of the kernel CSPRNG
has completed, contrary to the behaviour of the `getrandom()`
system call.

It turned out that this change had negative side effects on the
performance which were not acceptable. After some discussion it
was decided to revert this feature and leave it up to the OS
resp. the platform maintainer to ensure a proper initialization
during early boot time.

Fixes 9078

This partially reverts commit 38023b8.

Refs: openssl/openssl#9084
Fixes: #28932

  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • commit message follows commit guidelines
deps:openssl: cherry-pick c19c5a6 from upstream
Original commit message:
    Revert the DEVRANDOM_WAIT feature

    The DEVRANDOM_WAIT feature added a select() call to wait for the
    `/dev/random` device to become readable before reading from the
    `/dev/urandom` device. It was introduced in commit 38023b8
    in order to mitigate the fact that the `/dev/urandom` device
    does not block until the initial seeding of the kernel CSPRNG
    has completed, contrary to the behaviour of the `getrandom()`
    system call.

    It turned out that this change had negative side effects on the
    performance which were not acceptable. After some discussion it
    was decided to revert this feature and leave it up to the OS
    resp. the platform maintainer to ensure a proper initialization
    during early boot time.

    Fixes 9078

    This partially reverts commit 38023b8.

Refs: openssl/openssl#9084
Fixes: #28932

@ofrobots ofrobots changed the title deps:openssl: cherry-pick c19c5a6 from upstream [v10.x] deps:openssl: cherry-pick c19c5a6 from upstream Aug 5, 2019

@nodejs-github-bot

This comment has been minimized.

@ofrobots

This comment has been minimized.

Copy link
Contributor Author

commented Aug 5, 2019

@nodejs/lts @nodejs/crypto this needs a review, but otherwise good to go. CI is green.

@shigeki

shigeki approved these changes Aug 6, 2019

Copy link
Contributor

left a comment

LGTM but it means that Google Cloud needs to have more entropies as

the platform maintainer to ensure a proper initialization during early boot time.

https://github.com/openssl/openssl/blob/f2bb79a78a1681f9a137d7560a17982f6e54333c/CHANGES#L37-L38

@cjihrig

cjihrig approved these changes Aug 6, 2019

BethGriggs added a commit that referenced this pull request Aug 6, 2019

deps: cherry-pick c19c5a6 from openssl upstream
Original commit message:
    Revert the DEVRANDOM_WAIT feature

    The DEVRANDOM_WAIT feature added a select() call to wait for the
    `/dev/random` device to become readable before reading from the
    `/dev/urandom` device. It was introduced in commit 38023b8
    in order to mitigate the fact that the `/dev/urandom` device
    does not block until the initial seeding of the kernel CSPRNG
    has completed, contrary to the behaviour of the `getrandom()`
    system call.

    It turned out that this change had negative side effects on the
    performance which were not acceptable. After some discussion it
    was decided to revert this feature and leave it up to the OS
    resp. the platform maintainer to ensure a proper initialization
    during early boot time.

    Fixes 9078

    This partially reverts commit 38023b8.

Refs: openssl/openssl#9084
Fixes: #28932

PR-URL: #28983
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
@BethGriggs BethGriggs referenced this pull request Aug 6, 2019
@MylesBorins

This comment has been minimized.

Copy link
Member

commented Aug 6, 2019

landed in 894a9dd

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
8 participants
You can’t perform that action at this time.