On Wed, Mar 18, 2015 at 09:33:53AM -0600, Theo de Raadt wrote:
> [I mistakenly sent the wrong diff, sorry, here is the right diff]
>
> This is a further proposal for unification of the random number
> generator functions in our tree. It is based upon my previous work,
> but takes things a bit fur
As-is I think this is scary. I'd be happier about it if it shifted the
deterministic behaviour to a separate function rather than having the
rand_deterministic global switching all users of rand() in the process
into insecure mode. But that will be a bunch more work than the previous
sweep changing
Theo de Raadt wrote:
> I have also added matching rand_uniform() and rand_buf() functions.
> Bob Beck has pointed out this allows for later audit converting a few
> "rand() % moduli" cases into rand_uniform().
> void
> +rand_buf(void *buf, size_t n)
> +int
> +rand_uniform(uint32_t upper_bound)
This is a further proposal for unification of the random number
generator functions in our tree. It is based upon my previous work,
but takes things a bit further.
I am sending this now, but it is too early to commit. I think we need
two weeks of testing and review of the impact this has on Open
