I can't help but think that it would be better code if it noted the flaws in the standard routines and either avoided them or wrapped them instead of replacing them outright.
Bernstein wrote his software to run on a wide range of Unixoid systems, and the software performs security-sensitive tasks (mail [cr.yp.to], Web [cr.yp.to], and DNS [cr.yp.to] service, for example).
If you were in his position, how much effort would you want to spend keeping track of which routines were safe in which versions of which OSs -- particularly the closed-source Unix varieties? And if an upgrade to an OS introduces a security flaw in a routine that was previously safe, would you want to drop everything to get out a patch for that OS's users?
In this case, having a whole package of reimplemented routines that you know are safe strikes me as the lesser evil. --
Re:Personal recommendation (Score:2)
If you were in his position, how much effort would you want to spend keeping track of which routines were safe in which versions of which OSs -- particularly the closed-source Unix varieties? And if an upgrade to an OS introduces a security flaw in a routine that was previously safe, would you want to drop everything to get out a patch for that OS's users?
In this case, having a whole package of reimplemented routines that you know are safe strikes me as the lesser evil.
--