

Ask HN: What's happening to openssl? - zaroth

For example here: http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/crypto/dsa/dsa_asn1.c.diff?r1=1.7;r2=1.8

It looks like they are taking out an attempt to ensure the PRNG is seeded by throwing some data at it. Worst-case scenario is that it has no effect; you can't lower entropy in a pool by adding data as long as you have a working hash function.

We know that with DSA the entire security of the signature depends on having a good random source, unless you are using a deterministic scheme, but that's a different function.

In this case it looks like they are taking out possible entropy sources just when entropy is most required. Why is this a good thing?
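The claim above that a DSA signature's security rests entirely on the random nonce can be shown concretely. The following is an added example, not code from this thread or from OpenSSL/LibreSSL: it uses constructed toy parameters (P=607, Q=101, G=64, far too small for real use) and hypothetical helpers (`recover_private_key`, `deterministic_nonce`, `demonstrate`) to show that a nonce repeated by a broken RNG leaks the private key, and that a nonce derived from key and message (the deterministic-scheme idea mentioned above, simplified here) removes the RNG dependency.

```python
import hashlib
import hmac

# Constructed toy DSA parameters (far too small for real use): 607 = 6*101 + 1 and G = 2^6 mod P has order Q.
P, Q, G = 607, 101, 64

def h(msg):
    """Hash a message to an integer modulo Q, as DSA truncates the digest."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q

def sign(x, msg, k):
    """Textbook DSA with private key x and nonce k; None if r or s is 0 (pick a new k)."""
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (h(msg) + x * r) % Q
    return (r, s) if r and s else None

def verify(y, msg, sig):
    """Standard DSA verification against public key y = G^x mod P."""
    r, s = sig
    w = pow(s, -1, Q)
    return pow(G, h(msg) * w % Q, P) * pow(y, r * w % Q, P) % P % Q == r

def recover_private_key(m1, sig1, m2, sig2):
    """Two signatures made with the same nonce share r; k and then x fall out of the two s equations. None if nonces differ."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2 or (s1 - s2) % Q == 0:
        return None
    k = (h(m1) - h(m2)) * pow(s1 - s2, -1, Q) % Q
    return (s1 * k - h(m1)) * pow(r1, -1, Q) % Q

def deterministic_nonce(x, msg):
    """Nonce from key and message (RFC 6979's idea, simplified, not its exact HMAC-DRBG construction); needs no RNG."""
    mac = hmac.new(x.to_bytes(2, "big"), msg, hashlib.sha256).digest()
    return 1 + int.from_bytes(mac, "big") % (Q - 1)

def demonstrate(x, k=3):
    """Model a broken RNG that hands out the same k every time: sign messages until a pair reveals x."""
    y, signed = pow(G, x, P), []
    for i in range(50):
        m = b"msg-%d" % i
        sig = sign(x, m, k)
        if sig is None or not verify(y, m, sig):
            continue
        for m2, sig2 in signed:
            found = recover_private_key(m, sig, m2, sig2)
            if found is not None:
                return found
        signed.append((m, sig))
    return None
```

`demonstrate(37)` returns 37: two valid signatures under a repeated nonce are enough to read the private key off the signatures alone, which is the failure the thread's RNG discussion is about.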
======
jwise0
This does not actually seed the PRNG. User-provided data is not entropy:
entropy needs to be random, not deterministic. In OpenSSL, PRNGs are
pluggable, as well, which means that some modes of seeding the PRNG could
actually leak sensitive user data out of the process!

This code shouldn't have been there in the first place, and wasn't doing any
good.

------
tobiasu
OpenSSL's internal PRNG framework was ripped out and only the (no-op) API is
left. arc4random is the only PRNG source left; it cannot fail and doesn't
need to be seeded.

OpenBSD goes to great lengths and sacrifices some performance to ensure the
kernel PRNG is always usable.

------
zaroth
Clickable: [http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/cry...](http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/crypto/dsa/dsa_asn1.c.diff?r1=1.7;r2=1.8)

