
Comment

In reply to Comment by Anonymous

Andrew Ayer on 2014-07-17 at 18:28:

Yes, part of the problem is that on one hand, the LibreSSL developers are trying to make LibreSSL a drop-in replacement for OpenSSL, but on the other hand they want to ignore parts of the API that they don't like. This is a problem even if they are right about those API parts being bad.

Still, even if LibreSSL were being designed from scratch, I'd still want it to provide a way to open /dev/urandom in advance. A long-standing privilege separation idiom is to start execution outside of the chroot, open needed resources, and then chroot into a completely empty directory. We shouldn't change the way we do chroot jails just because LibreSSL refuses to provide an API to make it possible. Even libsodium, a modern crypto library that is frequently lauded for its good design, provides an API to open /dev/urandom in advance. Fortunately, LibreSSL's API deficiency is easily worked around by just asking for 1 byte of random data.

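The privilege-separation idiom the comment describes, as an added example in C (not code from the original post or from LibreSSL): open /dev/urandom while the real filesystem is still visible, keep the descriptor, then chroot into an empty directory and drop root. Inside the jail there is no /dev at all, so a late open fails, but reads from the pre-opened descriptor keep working. The function names, the jail directory path and the uid/gid 65534 are assumptions for illustration; the chroot step itself only runs when the program is started as root, since chroot needs that privilege.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Step 1: open the entropy device before the jail hides the filesystem.
   O_CLOEXEC keeps the descriptor out of any child we might later exec. */
int open_urandom_early(void) {
    return open("/dev/urandom", O_RDONLY | O_CLOEXEC);
}

/* Read exactly n bytes from fd, retrying on short reads and EINTR.
   Returns 0 on success, -1 on error or unexpected EOF. */
int fill_random(int fd, unsigned char *buf, size_t n) {
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r < 0) {
            if (errno == EINTR) continue;
            return -1;
        }
        if (r == 0) return -1;   /* /dev/urandom should never hit EOF */
        got += (size_t)r;
    }
    return 0;
}

/* Step 2: confine the process to an empty directory and shed root.
   Order matters: chroot, then chdir("/") so the cwd is inside the jail,
   then drop supplementary groups, gid and uid, and verify the drop stuck. */
int enter_empty_jail(const char *dir, uid_t uid, gid_t gid) {
    if (chroot(dir) != 0) return -1;
    if (chdir("/") != 0) return -1;
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    if (setuid(0) == 0) return -1;   /* regaining root must fail */
    return 0;
}

/* Self-check that needs no root: the pre-opened descriptor yields data and
   two successive draws differ. Returns 0 on success, negative on failure. */
int check_pre_opened_descriptor(void) {
    unsigned char a[16], b[16];
    int fd = open_urandom_early();
    if (fd < 0) return -1;
    if (fill_random(fd, a, sizeof a) != 0 || fill_random(fd, b, sizeof b) != 0) {
        close(fd);
        return -2;
    }
    close(fd);
    return memcmp(a, b, sizeof a) == 0 ? -3 : 0;
}

int main(void) {
    int fd = open_urandom_early();
    if (fd < 0) { perror("open /dev/urandom"); return 1; }
    /* With LibreSSL or OpenSSL this is also where the comment's workaround
       goes: call RAND_bytes(&b, 1) now, so the library opens its own
       /dev/urandom descriptor before the jail closes off the filesystem. */

    if (geteuid() == 0) {
        char jail[] = "/tmp/jail.XXXXXX";   /* assumed path; created empty for the demo */
        if (mkdtemp(jail) == NULL) { perror("mkdtemp"); return 1; }
        /* 65534 is an assumed unprivileged uid/gid (often "nobody"). */
        if (enter_empty_jail(jail, 65534, 65534) != 0) { perror("enter_empty_jail"); return 1; }
        int late = open("/dev/urandom", O_RDONLY);
        printf("open(/dev/urandom) inside the jail: %s\n",
               late < 0 ? strerror(errno) : "unexpectedly succeeded");
        if (late >= 0) close(late);
    } else {
        printf("not root: skipping chroot, reading from the pre-opened descriptor only\n");
    }

    unsigned char key[32];
    if (fill_random(fd, key, sizeof key) != 0) { perror("read"); return 1; }
    printf("read %zu random bytes from the descriptor opened before the jail\n", sizeof key);
    close(fd);
    return 0;
}
```

Run it as root to see the late open fail with "No such file or directory" while the early descriptor still delivers bytes; that failure is exactly what a library that lazily opens /dev/urandom on first use would hit after chroot, which is why the one-byte RAND_bytes call (or libsodium's equivalent initialization) belongs before the jail is entered.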