From: Randall S. Becker <randall.becker@nexbridge.ca>
Date: Tue, 14 Jun 2022 10:10:53 +0000 (-0400)
Subject: Clarify use of EGD for HPNS in rand/rand_egd.c comments.
X-Git-Tag: openssl-3.2.0-alpha1~2516
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=93ed4b5fb40a8ece9d9c67041c4187d63dbfbd51;p=thirdparty%2Fopenssl.git

Clarify use of EGD for HPNS in rand/rand_egd.c comments.

Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18566)
---

diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c
index acb1165e0d8..f44b38d1a95 100644
--- a/crypto/rand/rand_egd.c
+++ b/crypto/rand/rand_egd.c
@@ -54,15 +54,17 @@ struct sockaddr_un {
 /*
  * HPNS:
  *
- *  Our current MQ 5.3 EGD requires compatability-mode sockets
- *  This code forces the mode to compatibility if required
- *  and then restores the mode.
+ *  This code forces the use of compatibility mode if required on HPE NonStop
+ *  when coreutils PRNGD is used and then restores the previous mode
+ *  after establishing the socket. This is not required on x86 where hardware
+ *  randomization should be used instead of EGD available as of OpenSSL 3.0.
+ *  Use --with-rand-seed=rdcpu when configuring x86 with 3.0 and above.
  *
  *  Needs review:
  *
  *  The better long-term solution is to either run two EGD's each in one of
  *  the two modes or revise the EGD code to listen on two different sockets
- *  (each in one of the two modes).
+ *  (each in one of the two modes) or use the hardware randomizer.
  */
 _variable
 int hpns_socket(int family,