New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
rand_lib: RAND_poll: Reseed in non-"no-deprecated" builds. #21167
Conversation
Not sure if this can be considered (CLA: trivial) |
The commit just reorders two existing lines of code (one of which is preprocessor directive) without further textual modification, and removes a third. I figured that fits pretty squarely under the meaning of a trivial change. Let me know if the consensus is otherwise and I'll sort out the CLA. Thanks. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am OK with CLA: trivial as this is really just some reordering/changing when it is built of existing code.
crypto/rand/rand_lib.c
Outdated
} | ||
return ret; | ||
# else | ||
# endif | ||
static const char salt[] = "polling"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You'll have to move this line up before the # ifndef OPENSSL_NO_DEPRECATED_3_0
otherwise you would break ansi build.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There's an -ansi -pedantic build?! Fine. (I thought this might happen.)
I wonder if this is worthwhile? |
In a non-"no-deprecated" libcrypto build with a default configuration, RAND_get_rand_method() == RAND_OpenSSL() and so needs to fall through to the RAND_seed call (used in "no-deprecated" builds) to perform a reseed. CLA: trivial
As a user, I'd also be OK with a documentation errata update, although I have a preference for just fixing it. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK with CLA: trivial.
IMO this is simply a bug that should be fixed on all relevant branches.
Yeah, at some point RAND_poll() should go but we did not deprecate it.
@paulidale OK with CLA: trivial? |
Yes, okay with trivial. |
24 hours has passed since 'approval: done' was set, but as this PR has been updated in that time the label 'approval: ready to merge' is not being automatically set. Please review the updates and set the label manually. |
Merged, thanks for the contribution. |
In a non-"no-deprecated" libcrypto build with a default configuration, RAND_get_rand_method() == RAND_OpenSSL() and so needs to fall through to the RAND_seed call (used in "no-deprecated" builds) to perform a reseed. CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #21167) (cherry picked from commit cc343d0)
In a non-"no-deprecated" libcrypto build with a default configuration, RAND_get_rand_method() == RAND_OpenSSL() and so needs to fall through to the RAND_seed call (used in "no-deprecated" builds) to perform a reseed. CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #21167)
In a non-"no-deprecated" libcrypto build with a default configuration, RAND_get_rand_method() == RAND_OpenSSL() and so needs to fall through to the RAND_seed call (used in "no-deprecated" builds) to perform a reseed. CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #21167) (cherry picked from commit cc343d0)
I recently discovered that with a default non-"no-deprecated" libcrypto build (i.e., the one that ships with Ubuntu 22.04 LTS), calls to RAND_poll don't reseed the DRBGs the way that calls to RAND_seed or RAND_add do.
I'm aware that the DRBGs will request and add entropy automatically, so manual reseeding isn't necessary. However for applications that have reason (or requirement) to reseed during application-specific events, this brings RAND_poll in-line with the behavior of RAND_seed and RAND_add.