[dobbsbob]

The problem is Linux, not LibreSSL. Kernel.org needs to figure out if they are depreciating or keeping sysctl and if they aren't, find a failsafe way of gathering entropy inside a chroot or when file descriptors are exhausted. You can't expect OpenSSL nor LibreSSL to cater to the slapstick that is linux kernel development. If they can't get their shit together then switch to BSD or OSX.

[mpyne]

I would propose that if Linux were truly broken, then LibreSSL portable (the "safe" replacement for OpenSSL) shouldn't be released for it. Plain and simple.

If, on the other hand, an actual official release of LibreSSL portable does show up for Linux, that is an implicit acknowledgment that it should be safe to use on Linux (though perhaps with restrictions, such as "must mknod /dev/urandom in a chroot environment, otherwise LibreSSL will abort and crash your app").

[cratermoon]

OSX? The compatibility code for getting entropy in OSX has just as much of a crummy fallback.

[jsmthrowaway]

How shocking. OpenBSD guts OpenSSL, breaks something while doing so, then the top comment is "well, Linux is broken, use a BSD."

[clarry]

Did OpenSSL ever work right? If it were that simple, then it'd be easy to take that back into LibreSSL and fix the problem. Alas, the problem is not so simple.

I don't think anyone so far has been able to demonstrate a way to get entropy and reseed the rng after forks, in a manner that always works no matter what, on Linux. Everyone's got criticism, some people have suggestions, and when these suggestions are followed, more pitfalls are discovered. This is a problem with Linux -- Linux simply does not provide the right APIs and the right guarantees. Right now, it might very well be impossible to abstract the rng away on Linux like they do on OpenBSD.

So is Linux broken? Well, it sure likes to make things difficult. It is possible to work around the problem, but you cannot solve it in a library. No, OpenSSL could not solve it either. What did OpenSSL then do? It pushed the responsibility on to the applications, out of the library. Someone else's problem. Not solved! This might be a viable workaround as long as the problem is properly documented and all applications implement the workaround correctly (which apparently isn't the case).

OpenBSD isn't about workarounds. Much of what they do is about eliminating pitfalls that do not need to be there. This translates to less headaches for users & admins as well as developers. It's been demonstrated too many times that developers get things wrong. The OpenBSD people want to provide simple APIs that just work; ones you cannot use wrong. If there's a function that should provide randomness and the system is capable of providing randomness at all, then that function must work. Period. The programmer doesn't need to dance around it until it starts working. And the programmer shouldn't need to dance around it every once in a while again to keep it working. This is how we can get more secure software.

EDIT: Feel free to correct me if I am wrong. Can you show the world how to implement this right?

[dobbsbob]

OpenSSL doesn't handle it any better. As per Matthew D Green "It's like asking whether the crew of the Space Shuttle should have parachutes to protect them in the event that the shuttle explodes. OpenSSL says 'yes,' LibreSSL says a better idea would be to prevent the shuttle from exploding in the first place".

LibreSSL isn't even production ready yet, getentropy_linux.c is still in the tree getting worked on, and the sysctl method works (for now) with (most) linux kernels as a failsafe API to gather entropy while inside a chroot/file descriptors exhausted.

For all we know next month kernel.org could roll out a new failsafe API for entropy collection and finally kill off sysctl.

[tzs]

I'd like both if I'm heading to space--I want my vehicle to not explode, and if it does explode I want a way to get back down to Earth reasonable safely.

At least several of the Challenger crew survived the explosion and were definitely conscious and functioning for at least several seconds afterwards, and oxygen use records indicate they were alive for the fall to the ocean (whether they were conscious or not for the whole fall depends on whether or not the cabin depressurized, which is not known).

So, parachutes for a Space Shuttle crew are not prima facie unreasonable. There are engineering issues, which ultimately were determined to make them not worth it.