From: Miod Vallat <miod <at> cvs.openbsd.org>
Subject: CVS: cvs.openbsd.org: src
Newsgroups: gmane.os.openbsd.cvs
Date: Tuesday 15th April 2014 16:52:50 UTC
CVSROOT:	/cvs
Module name:	src
Changes by:	[email protected]	2014/04/15 10:52:50

Modified files:
	lib/libcrypto/crypto: Makefile 
	lib/libssl/src/crypto/rand: rand.h rand_egd.c rand_lib.c 
	                            rand_unix.c randfile.c 
	lib/libssl/src/doc/crypto: RAND_add.pod RAND_egd.pod 
	                           RAND_load_file.pod rand.pod 
Added files:
	lib/libssl/src/crypto/rand: rc4_rand.c 
Removed files:
	lib/libssl/src/crypto/rand: md_rand.c rand_lcl.h 

Log message:
Replace the old OpenSSL PRNG by direct use of arc4random_buf(), keeping the
existing RAND interfaces unchanged.

All interfaces allowing external feed or seed of the RNG (either from a file
or a local entropy gathering daemon) are kept for ABI compatibility, but
no longer do anything.

While the OpenSSL PRNG was required 15+ years ago when many systems lacked
proper entropy collection, things have evolved and one can reasonably assume
it is better to use the kernel (system global) entropy pool rather than trying
to build one's own and having to compensate for thread scheduling...

Whoever thought that RAND_screen(), feeding the PRNG with the contents of the
local workstation's display, under Win32, was a smart idea, ought to be banned
from security programming.


ok [email protected] [email protected] [email protected]
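
The pattern the log message describes, as an added example that is not code from this commit or from OpenBSD: random output comes straight from the system CSPRNG, while the seeding entry points stay callable but ignore their input. The `compat_rand_*` names are hypothetical, and on systems other than the BSDs and macOS `getentropy()` is assumed as a stand-in for `arc4random_buf()`.

```c
/* Added illustration; compat_rand_* names are hypothetical, not LibreSSL code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__NetBSD__) || defined(__APPLE__)
#define os_random_buf(p, n) arc4random_buf((p), (n))
#else
/* Assumed stand-in: kernel pool via getentropy(), at most 256 bytes per call. */
static void os_random_buf(void *p, size_t n)
{
    unsigned char *out = p;
    while (n > 0) {
        size_t chunk = n < 256 ? n : 256;
        if (getentropy(out, chunk) != 0)
            abort();            /* never hand back predictable bytes */
        out += chunk;
        n -= chunk;
    }
}
#endif

/* Output path: every request goes directly to the system CSPRNG. */
int compat_rand_bytes(unsigned char *buf, int num)
{
    if (buf == NULL || num < 0)
        return 0;
    os_random_buf(buf, (size_t)num);
    return 1;
}

/* Seeding entry points keep their signatures so existing callers still link,
 * but caller-supplied data never reaches the generator. */
void compat_rand_seed(const void *buf, int num) { (void)buf; (void)num; }
void compat_rand_add(const void *buf, int num, double entropy)
{
    (void)buf; (void)num; (void)entropy;
}
int compat_rand_status(void) { return 1; }  /* the kernel pool is always usable */

int main(void)
{
    unsigned char key[16];
    compat_rand_seed("fixed-seed", 10);     /* constructed input, ignored */
    if (!compat_rand_bytes(key, sizeof key)) return 1;
    for (size_t i = 0; i < sizeof key; i++) printf("%02x", key[i]);
    putchar('\n');
    return 0;
}
```

A caller that seeds with the same bytes before each draw still gets independent output, which is the property to check when auditing code that relied on reseeding for reproducibility.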