I agree it's not going to be portable in the near term, though there are
interesting changes being made and good code review happening.

Some dubious entropy sources were (only potentially?) used with
RAND_seed/add:

digests:
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/crypto/dsa/dsa_asn1.c.diff?r1=1.7;r2=1.8
private key:
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/crypto/rsa/rsa_crpt.c.diff?r1=1.2;r2=1.3

There is even a RAND_screen function on Win32 to use a screenshot of the
desktop as an entropy source.

I had a flashback to the Debian bug, and how uninitialised memory was
being used for that purpose.  They've ripped out this whole PRNG now to
use the one from their own libc:

http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/crypto/rand/rand_lib.c.diff?r1=1.14;r2=1.15

Regards,
-- 
Steven Chamberlain
ste...@pyro.eu.org


Archive: https://lists.debian.org/535476ac.2050...@pyro.eu.org
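An added illustration of the point the message makes about "dubious" seed material (this is constructed toy code, not OpenSSL's or LibreSSL's RNG, and the seed sizes are assumptions): a PRNG whose only unpredictable input is drawn from a small space, such as a process id, produces keys that collide across runs and that an auditor can regenerate by enumeration; mixing in a digest of public data, or any other value an observer already knows, does not enlarge that space. The `enumerable_fraction` check is the kind of test a defender can run over a batch of generated keys to spot a collapsed seed space.

```python
import hashlib
import os
import random


def toy_keygen(seed_bytes: bytes, key_len: int = 16) -> bytes:
    """Derive a 'key' deterministically from seed material.
    Stand-in for a PRNG seeded once with RAND_seed (constructed, not OpenSSL)."""
    return hashlib.sha256(b"toy-prng|" + seed_bytes).digest()[:key_len]


def keys_from_small_seed_space(n_processes: int, pid_space: int = 32768,
                               mix_in: bytes = b"") -> list:
    """Simulate n_processes independent program starts whose only varying seed
    input is a process id drawn from pid_space values.  mix_in models the
    'dubious' material mentioned above (a digest of data an observer also
    has): it changes every key but adds no secrecy, because it is known."""
    rng = random.Random(1234)  # fixed so the simulation is reproducible
    out = []
    for _ in range(n_processes):
        pid = rng.randrange(pid_space)
        out.append(toy_keygen(pid.to_bytes(4, "big") + mix_in))
    return out


def keys_from_os_entropy(n_processes: int) -> list:
    """The sane alternative: seed every start from the OS entropy source."""
    return [toy_keygen(os.urandom(32)) for _ in range(n_processes)]


def duplicate_count(keys) -> int:
    """Number of keys that repeat an earlier key in the batch."""
    return len(keys) - len(set(keys))


def enumerable_fraction(keys, pid_space: int = 32768, mix_in: bytes = b"") -> float:
    """Defender-side check: fraction of observed keys an auditor can regenerate
    by walking the whole candidate seed space.  1.0 means every key in the
    batch is predictable from public information alone."""
    table = {toy_keygen(pid.to_bytes(4, "big") + mix_in) for pid in range(pid_space)}
    hits = sum(1 for k in keys if k in table)
    return hits / len(keys)


if __name__ == "__main__":
    weak = keys_from_small_seed_space(20000)
    mixed = keys_from_small_seed_space(20000, mix_in=b"sha256-of-public-data")
    good = keys_from_os_entropy(20000)
    print("pid-only seed:      dups=%d enumerable=%.2f"
          % (duplicate_count(weak), enumerable_fraction(weak)))
    print("pid + public digest: dups=%d enumerable=%.2f"
          % (duplicate_count(mixed),
             enumerable_fraction(mixed, mix_in=b"sha256-of-public-data")))
    print("os.urandom seed:    dups=%d enumerable=%.2f"
          % (duplicate_count(good), enumerable_fraction(good)))
```

With 20000 simulated starts the pid-only batch shows thousands of repeated keys and is 100% enumerable; mixing in a known digest leaves it 100% enumerable; the `os.urandom`-seeded batch shows no repeats and no enumerable keys. The lesson is the one the LibreSSL change draws: seed material must be unpredictable to an observer, and the simplest way to guarantee that is to take it from the operating system's entropy source rather than from digests, key material or screen contents.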