Hi, As OpenSSL, we want cryptograhic secure random numbers. Before getrandom(), Linux never provided a good API for that, both /dev/random and /dev/urandom have problems. getrandom() fixed that, so we switched to it were available.
It was possible to combine /dev/random and /dev/urandom, and get something that worked properly. You could call select() on /dev/random and know that both were initialized when it returned. But then select() started returning before /dev/random was initialized, so that if you switch to /dev/urnadom, it's still uninitialized. A solution for that was that you could instead read 1 byte from /dev/random, and then switch to /dev/urandom. But that also stopped working, /dev/urandom can still be uninitialized when you can read from /dev/random. So there no longer is a way to wait for /dev/urandom to be initialized. As a result of that, we now refuse to use /dev/urandom on recent kernels, and require to use of getrandom(). (To make this work with older userspace, this means we need to import all the different __NR_getrandom defines, and do the system call ourself.) But it seems people are now thinking about breaking getrandom() too, to let it return data when it's not initialized by default. Please don't. If you think such a mode is useful for some applications, let them set a flag, instead of the reverse. Kurt
