On Thu, Nov 05, 2020 at 01:59:11PM +0100, Daniel Gustafsson wrote: > Not yet, and potentially never will. Given the consequences of a PRNG which > hasn't been properly initialized I think it's ok to be defensive in this > codepath however.
+ /* + * In case the backend is using the PRNG from OpenSSL without being built + * with support for OpenSSL, make sure to perform post-fork initialization. + * If the backend is using OpenSSL then we have already performed this + * step. The same version caveat as discussed in the comment above applies + * here as well. + */ +#ifndef USE_OPENSSL + RAND_poll(); +#endif I still don't see the point of this extra complexity, as USE_OPENSSL_RANDOM implies USE_OPENSSL, and we also call RAND_poll() a couple of lines down in the main function under USE_OPENSSL_RANDOM. So I would just remove this whole block, and replace the comment by a simple "initialization already done above". -- Michael
signature.asc
Description: PGP signature
