On Thu, Nov 05, 2020 at 01:59:11PM +0100, Daniel Gustafsson wrote:
> Not yet, and potentially never will. Given the consequences of a PRNG which
> hasn't been properly initialized I think it's ok to be defensive in this
> codepath however.
+ /*
+ * In case the backend is using the PRNG from OpenSSL without being built
+ * with support for OpenSSL, make sure to perform post-fork initialization.
+ * If the backend is using OpenSSL then we have already performed this
+ * step. The same version caveat as discussed in the comment above applies
+ * here as well.
+ */
+#ifndef USE_OPENSSL
+ RAND_poll();
+#endif
I still don't see the point of this extra complexity, as
USE_OPENSSL_RANDOM implies USE_OPENSSL, and we also call RAND_poll() a
couple of lines down in the main function under USE_OPENSSL_RANDOM.
So I would just remove this whole block, and replace the comment by a
simple "initialization already done above".
--
Michael