In reply to LibreSSL's PRNG is Unsafe on Linux [Update: LibreSSL fork fix]
RAND_poll is rarely used at all, and correct use is very uncommon. Sure, the API exists, but looking in package sources in Debian and OpenBSD I only found 5 programs using it safely: Net::SSLeay, libevent sample code (also present in the copy of libevent in Mozilla trees), Tor, lldpd, dnscrypt-proxy.
A few more use it incorrectly, i.e. without checking the return code:
virtuoso, libjingle (some correct checks, some not), uim, kopete, x11vnc/ssvnc, libofetion, libevhtp, libtango, Crypt::SMIME, stone
But then given that OpenSSL doesn't document it (surprise!) and itself uses it unchecked (in the stub for RAND_screen), who can blame them?
I think people are missing the point of the "truly scary function". Read the comments, especially lines 130-153. This is more a case of "if your kernel doesn't provide a reliable means to fetch entropy, we'll try what we can, but there really isn't much we can do".
In my opinion, what is needed is an intent to continue maintaining the sysctl interface until an alternative safe kernel interface is available. This is far simpler than retrofitting the thousands of other programs that use libssl/libcrypto with RAND_poll calls.