>Another option is to move the _rs_stir_if_needed() calls from
>_rs_random_u32() and _rs_random_buf() to arc4random() and
>arc4random_buf(). The latter two are the subsystem's entry points.

That requires more careful review of the -portable versions in libcrypto.
It seems they were forgotten.  Maybe in a few years some of these will go
away.

>Taking the fuzz value directly from getentropy() would be a clear
>approach that does not add odd hoops, though some might feel it
>uneconomic use of system entropy. ;)

There is no such thing as 'system entropy' cost.  The kernel buffer is mostly
a long-duration chacha also, with the occasional refresh to pull from another
sequence which does not measure entropy at all.  This measuring entropy idea is
garbage, and dead.  The only concern for not doing this is system call overhead.

arc4random is one of the oldest ideas in computer science -- a local cache.
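The design this thread is arguing about, as an added illustration rather than code from the list or from any libc: a userspace ChaCha20 keystream cache in the arc4random style, seeded once per rekey interval from getentropy(), with the stir check placed at the two public entry points only. All names (my_arc4random*, rs_*), the 1600000-byte rekey interval and the 64-bit counter layout are this example's own assumptions, not OpenBSD's or any -portable copy's.

```c
#define _DEFAULT_SOURCE                       /* getentropy() visibility on glibc */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
int getentropy(void *, size_t);               /* same prototype as libc's, in case the header hides it */
#define KEYSZ 32
#define IVSZ 8
#define RSBUFSZ (16 * 64)                     /* 16 ChaCha blocks per refill */
#define RS_REKEY_BYTES 1600000                /* assumed: bytes served between getentropy() reseeds */
#define ROTL(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
#define QR(a, b, c, d) a += b; d ^= a; d = ROTL(d, 16); c += d; b ^= c; b = ROTL(b, 12); \
                       a += b; d ^= a; d = ROTL(d, 8);  c += d; b ^= c; b = ROTL(b, 7);
static uint32_t st[16]; static uint8_t rs_buf[RSBUFSZ];  /* ChaCha20 state (LE host assumed); keystream cache */
static size_t rs_have, rs_count; static int rs_inited, rs_stirs; /* cache bytes left; bytes to reseed; flag; reseeds */
static void chacha_block(uint8_t *out) {             /* one 64-byte block, then bump the 64-bit counter */
    uint32_t x[16]; memcpy(x, st, sizeof x);
    for (int i = 0; i < 10; i++) {                   /* 20 rounds: column round, then diagonal round */
        QR(x[0], x[4], x[8], x[12]) QR(x[1], x[5], x[9], x[13]) QR(x[2], x[6], x[10], x[14]) QR(x[3], x[7], x[11], x[15])
        QR(x[0], x[5], x[10], x[15]) QR(x[1], x[6], x[11], x[12]) QR(x[2], x[7], x[8], x[13]) QR(x[3], x[4], x[9], x[14])
    }
    for (int i = 0; i < 16; i++) { x[i] += st[i]; memcpy(out + 4 * i, &x[i], 4); }
    if (++st[12] == 0) st[13]++;
}
static void rs_init(const uint8_t *key, const uint8_t *iv) {   /* state = "expand 32-byte k" || key || ctr || iv */
    memcpy(st, "expand 32-byte k", 16); memcpy(st + 4, key, KEYSZ); st[12] = st[13] = 0; memcpy(st + 14, iv, IVSZ); }
static void rs_rekey(const uint8_t *dat, size_t datlen) {      /* refill the cache; next key/iv come from the cache */
    for (size_t i = 0; i < RSBUFSZ; i += 64) chacha_block(rs_buf + i);
    for (size_t i = 0; dat && i < datlen && i < KEYSZ + IVSZ; i++) rs_buf[i] ^= dat[i];  /* mix in fresh entropy */
    rs_init(rs_buf, rs_buf + KEYSZ); memset(rs_buf, 0, KEYSZ + IVSZ); rs_have = RSBUFSZ - KEYSZ - IVSZ; /* old key gone */
}
static void rs_stir(void) {                          /* the only consumer of system entropy: one syscall per reseed */
    uint8_t rnd[KEYSZ + IVSZ];
    if (getentropy(rnd, sizeof rnd) != 0) abort();   /* fail closed; never fall back to weaker sources */
    if (!rs_inited) { rs_init(rnd, rnd + KEYSZ); rs_inited = 1; } else rs_rekey(rnd, sizeof rnd);
    memset(rnd, 0, sizeof rnd); rs_have = 0; rs_count = RS_REKEY_BYTES; rs_stirs++; /* drop output cached under old key */
}
static void rs_stir_if_needed(size_t len) {          /* reached only through the entry points below */
    if (!rs_inited || rs_count <= len) rs_stir(); else rs_count -= len; }
static void rs_random_buf(uint8_t *buf, size_t n) {  /* serve from the cache, refill when empty */
    for (size_t m; n > 0; buf += m, n -= m, rs_have -= m) {
        if (rs_have == 0) rs_rekey(NULL, 0);
        m = n < rs_have ? n : rs_have;
        memcpy(buf, rs_buf + RSBUFSZ - rs_have, m); memset(rs_buf + RSBUFSZ - rs_have, 0, m);
    }
}
void my_arc4random_buf(void *buf, size_t n) { rs_stir_if_needed(n); rs_random_buf(buf, n); } /* entry point */
uint32_t my_arc4random(void) { uint32_t v; my_arc4random_buf(&v, sizeof v); return v; }   /* entry point */
int my_arc4random_reseeds_after(size_t nbytes) {     /* serve nbytes, then report getentropy() calls so far */
    uint8_t tmp[64]; for (; nbytes >= 64; nbytes -= 64) my_arc4random_buf(tmp, 64); return rs_stirs; }
```

Serving two million bytes costs two getentropy() calls in total, which is the syscall-overhead trade the message describes; internal helpers never touch the kernel.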
