Skip to Content [alt-c]


In reply to LibreSSL's PRNG is Unsafe on Linux [Update: LibreSSL fork fix]

Reader no. 6 on 2014-07-15 at 10:43:

RAND_poll is rarely used at all, and correct use is very uncommon. Sure the API exists but looking in package source in Debian and OpenBSD I only found 5 programs using it safely: Net::SSLeay, libevent sample code (also present in the copy of libevent in mozilla trees), Tor, lldpd, dnscrypt-proxy.

A few more use it incorrectly i.e. without checking the return code:

virtuoso, libjingle (some correct checks, some not), uim, kopete, x11vnc/ssvnc, libofetion, libevhtp, libtango, Crypt::SMIME, stone

But then given that OpenSSL doesn't document it (surprise!) and itself uses it unchecked (in the stub for RAND_screen), who can blame them?

I think people are missing the point of the "truly scary function". Read the comments, especially lines 130-153. This is more a case of "if your kernel doesn't provide a reliable means to fetch entropy, we'll try what we can, but there really isn't much we can do".

In my opinion, what is needed is an intent to continue maintaining the sysctl interface until an alternative safe kernel interface is available. This is far simpler than retrofitting the thousands of other programs that use libssl/libcrypto with RAND_poll calls.


Post a Reply

Your comment will be public. To contact me privately, email me. Please keep your comment polite, on-topic, and comprehensible. Your comment may be held for moderation before being published.

(Optional; will be published)

(Optional; will not be published)

(Optional; will be published)

  • Blank lines separate paragraphs.
  • Lines starting with > are indented as block quotes.
  • Lines starting with two spaces are reproduced verbatim (good for code).
  • Text surrounded by *asterisks* is italicized.
  • Text surrounded by `back ticks` is monospaced.
  • URLs are turned into links.
  • Use the Preview button to check your formatting.