Upgrading lwIP added a requirement for an LWIP_RAND function (see https://www.kb.cert.org/vuls/id/210620), but it's currently implemented with just a timestamp. There should be a service for generating random numbers like arc4random() that seeds itself properly on startup. Or e.g. a service for generating seeds that each process can expand with ctr_drbg or similar.
Might unlock some future TLS-related projects.
Upgrading lwIP added a requirement for an LWIP_RAND function (see https://www.kb.cert.org/vuls/id/210620), but it's currently implemented with just a timestamp. There should be a service for generating random numbers like arc4random() that seeds itself properly on startup. Or e.g. a service for generating seeds that each process can expand with ctr_drbg or similar.
Might unlock some future TLS-related projects.