Not really an important issue, but here's a diff to bring the comments in rnd.c more up to date. In particular:
- The PRNG uses ChaCha20 instead of RC4
- The first few bytes are not thrown away anymore
- The comments list ways to access the generated randomness; add getentropy() to that list

Index: sys/dev/rnd.c =================================================================== RCS file: /cvs/src/sys/dev/rnd.c,v retrieving revision 1.159 diff -u -p -r1.159 rnd.c --- sys/dev/rnd.c 17 Jul 2014 13:38:22 -0000 1.159 +++ sys/dev/rnd.c 14 Sep 2014 22:50:55 -0000 @@ -76,17 +76,18 @@ * If this estimate goes to zero, the MD5 hash will continue to generate * output since there is no true risk because the MD5 output is not * exported outside this subsystem. It is next used as input to seed a - * RC4 stream cipher. Attempts are made to follow best practice - * regarding this stream cipher - the first chunk of output is discarded - * and the cipher is re-seeded from time to time. This design provides - * very high amounts of output data from a potentially small entropy - * base, at high enough speeds to encourage use of random numbers in - * nearly any situation. + * ChaCha20 stream cipher, which is re-seeded from time to time. This + * design provides very high amounts of output data from a potentially + * small entropy base, at high enough speeds to encourage use of random + * numbers in nearly any situation. Before OpenBSD 5.5, the RC4 stream + * cipher (also known as ARC4) was used instead of ChaCha20. * - * The output of this single RC4 engine is then shared amongst many + * The output of this single ChaCha20 engine is then shared amongst many * consumers in the kernel and userland via a few interfaces: * arc4random_buf(), arc4random(), arc4random_uniform(), randomread() - * for the set of /dev/random nodes, and the sysctl kern.arandom. + * for the set of /dev/random nodes, the sysctl kern.arandom, and the + * system call getentropy(), which provides seeds for process-context + * pseudorandom generators. * * Acknowledgements: * ================= 
@@ -666,7 +667,7 @@ _rs_random_u32(u_int32_t *val) return; } -/* Return one word of randomness from an RC4 generator */ +/* Return one word of randomness from a ChaCha20 generator */ u_int32_t arc4random(void) { @@ -680,7 +681,7 @@ arc4random(void) } /* - * Fill a buffer of arbitrary length with RC4-derived randomness. + * Fill a buffer of arbitrary length with ChaCha20-derived randomness. */ void arc4random_buf(void *buf, size_t n)
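
Review bot: In the first hunk (header comment, @@ -76,17 +76,18 @@), the added sentence "Before OpenBSD 5.5, the RC4 stream cipher (also known as ARC4) was used instead of ChaCha20" reads as changelog history unless it is tied to the interface list directly below it. Suggest saying there that arc4random(), arc4random_buf() and arc4random_uniform() keep their names from the RC4 design, so a reader does not infer the cipher from the arc4 prefix. Since the goal is an up-to-date comment, the unchanged context lines at the top of the hunk, which still describe MD5 output being used to seed the cipher, are worth checking against the current code in the same pass.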
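
Review bot: In the second hunk (comment above arc4random(), @@ -666,7 +667,7 @@), "one word of randomness" is ambiguous about size while the function returns u_int32_t. Suggest "Return 32 bits of randomness from the ChaCha20 generator"; using "the" rather than "a" also matches the header comment, which describes a single shared engine.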
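
Review bot: In the third hunk (comment above arc4random_buf(), @@ -680,7 +681,7 @@), the cipher name is again hard-coded in a per-function comment, which is why this patch has to touch three places for one cipher change. Suggest wording that does not name the cipher here, for example "Fill a buffer of arbitrary length with randomness from the generator described at the top of this file", so the header comment is the only place that needs updating next time.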