On Fri, May 01, 2020 at 07:19:09PM +0000, Taylor R Campbell wrote:
>
> The alias getentropy(p,n) := getrandom(p,n,GRND_INSECURE)

At several places in your document you imply this. But getentropy(p,n) is more like getrandom(p,n,0). That is, it also waits until it's seeded, it only blocks a single time.

I think we've previously talked about it, and you said the OpenBSD manpage doesn't mention anything related to it. But it's implied behaviour for OpenBSD, they never had an interface where you can get random numbers before it's properly seeded.

At least Linux's glibc wrapper for getentropy documents this behaviour now:

> A call to getentropy() may block if the system has just
> booted and the kernel has not yet collected enough randomness to
> initialize the entropy pool.

It's the behaviour we see on all OSs that provide that interface. It's also the interface OpenSSL currently prefers. If you make getentropy() the insecure version, I will need to modify OpenSSL to switch to getrandom() on NetBSD.

> slightly silly semantics of getrandom(p,n,GRND_RANDOM)

I'm not sure, but I think on Linux GRND_RANDOM very recently started to behave exactly the same as passing 0, and /dev/random behaves like /dev/urandom except that it waits until it's seeded. /dev/random no longer has the weird concept that it can only return as much data as entropy that's been fed into it.

Kurt
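An added illustration of the semantics discussed in the message above (not code from the thread, NetBSD or OpenSSL), assuming Linux with glibc 2.25 or later: once getentropy() has returned, a non-blocking getrandom() probe reports the pool as seeded. The helper names `pool_is_seeded` and `fill_seeded` are hypothetical.

```c
/* Added example; assumes Linux with glibc >= 2.25 (<sys/random.h>). */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/random.h>

/* Non-blocking probe of the kernel pool (hypothetical helper).
 * Returns 1 if seeded, 0 if not yet seeded, -1 on any other error. */
int pool_is_seeded(void)
{
    unsigned char b;
    for (;;) {
        ssize_t r = getrandom(&b, 1, GRND_NONBLOCK);
        if (r == 1)
            return 1;
        if (r < 0 && errno == EAGAIN)   /* pool not initialized yet */
            return 0;
        if (r < 0 && errno == EINTR)    /* interrupted, retry */
            continue;
        return -1;
    }
}

/* Fill buf with len bytes via getentropy() (hypothetical helper).
 * glibc's getentropy() may block at early boot until the pool is
 * seeded, and rejects requests above 256 bytes with EIO, so larger
 * buffers are filled in chunks. Returns 0 on success, -1 on error. */
int fill_seeded(void *buf, size_t len)
{
    unsigned char *p = buf;
    while (len > 0) {
        size_t n = len < 256 ? len : 256;
        if (getentropy(p, n) != 0)
            return -1;
        p += n;
        len -= n;
    }
    return 0;
}

int main(void)
{
    unsigned char key[32];
    printf("seeded before call: %d\n", pool_is_seeded());
    if (fill_seeded(key, sizeof key) != 0) {
        perror("getentropy");
        return 1;
    }
    /* getentropy() has returned, so the pool must now be seeded. */
    printf("seeded after call:  %d\n", pool_is_seeded());
    return 0;
}
```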