48b3ca7292
explicitly seed the OpenSSL RNG in each new process rather than letting it repeatedly open /dev/urandom to reseed, which depletes entropy severely. Note that the OpenSSH part of this fix works better on NetBSD than it would on many other platforms because on NetBSD, if you don't reopen /dev/urandom, repeated reads don't deplete entropy. On other platforms, some other approach might be required. Note also that this problem does not arise on OpenBSD because OpenBSD seems to have patched OpenSSL to seed the RAND functions from arc4random()! That seems dangerous, so I am not taking that approach here. |
||
|---|---|---|
| .. | ||
| dist/ipsec-tools | ||
| external | ||
| Makefile.openssl | ||
| TODO | ||