I was asked off-list why we're doing this. A reasonable question. :)
There are many complaints about the OpenSSL RNG. For starters:
https://github.com/openssl/openssl/issues/2168
https://github.com/openssl/openssl/issues/898
https://github.com/openssl/openssl/issues/2457
https://github.com/openssl/openssl/issues/3125
Also, there are things like this:
It uses MD5
It has a global pool, not per-thread so there's locking
It doesn't use getrandom available on modern Linux systems
It uses other bizarre private hashing and mixes in time and getpid
To summarize, perhaps, let's just say that it is really really outdated. The
state of the art has advanced, and we have some catching-up to do.
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
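The getrandom point in the list above, as an added example that is not code from this post or from OpenSSL: one way a library can seed its DRBG from the kernel CSPRNG, preferring getrandom(2) and falling back to /dev/urandom, with EINTR and short reads handled. It assumes Linux with glibc 2.25+ (for sys/random.h); on other platforms only the fallback path is compiled.

```c
/* Added example, not from the post: getrandom(2)-first seeding with a /dev/urandom fallback. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/random.h>
#endif
/* Fill buf[0..len) from the kernel CSPRNG. Returns 0 on success, -1 on failure. */
int get_seed(unsigned char *buf, size_t len)
{
    size_t got = 0;
#ifdef __linux__
    /* Preferred: getrandom(2) needs no fd (works in a chroot) and blocks only until the pool is seeded. */
    while (got < len) {
        ssize_t n = getrandom(buf + got, len - got, 0);
        if (n < 0 && errno != EINTR)
            break;                 /* e.g. ENOSYS on an old kernel: fall back below */
        if (n > 0)
            got += (size_t)n;      /* short reads are legal, so keep looping */
    }
    if (got == len)
        return 0;
#endif
    /* Fallback: read the remaining bytes from /dev/urandom; O_CLOEXEC keeps the fd out of children. */
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n == 0 || (n < 0 && errno != EINTR)) {
            close(fd);
            return -1;             /* unexpected EOF, or an error other than EINTR */
        }
        if (n > 0)
            got += (size_t)n;
    }
    close(fd);
    return 0;
}
/* Self-check: fetch a 32-byte seed and reject an all-zero result (probability 2^-256 from a working source). */
int seed_ok(void)
{
    unsigned char s[32], acc = 0;
    if (get_seed(s, sizeof s) != 0) return 0;
    for (size_t i = 0; i < sizeof s; i++) acc |= s[i];
    return acc != 0;
}
```

The all-zero check is a cheap sanity test, not a statistical one; a real DRBG should still be reseeded periodically rather than trusting a single fetch forever.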