Yes: Aside from being a userspace CSPRNG (which is an additional risk of failure over the kernel's CSPRNG and doesn't provide defense-in-depth), it isn't thread-safe.
That link to NodeJS was a good read, I'm fairly convinced that we should ditch RAND_bytes from OpenSSL for something more secure, we'll look into LibSodium.
I've caught rumours of a possible RAND_sys_bytes which operates over the systems CSPRNG? We like to be conservative on the libs.
We'd like to tip you for your efforts, do you have a Bitcoin (or ShadowCash) address?
That link to NodeJS was a good read, I'm fairly convinced that we should ditch RAND_bytes from OpenSSL for something more secure, we'll look into LibSodium.
I've caught rumours of a possible RAND_sys_bytes which operates over the systems CSPRNG? We like to be conservative on the libs.
We'd like to tip you for your efforts, do you have a Bitcoin (or ShadowCash) address?