This is not a joke. Please clean up ssleay_rand_bytes:

 - do not mix the PID into the internal entropy pool, and
 - do not mix bits of the given output buffer into the internal entropy pool.

This will help detecting weaknesses in the rng itself as well as in
software that depends on this rng.

It will further help writing test cases to improve the quality of
client software.

Note that the second improvement may totally break already broken
client software. So please do note this in the changelog.

Regards R.
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to