OpenSSL Valhalla Rampage is a blog chronicling the slop and eldritch horrors encountered as the OpenBSD team rips apart and reimplements OpenSSL. I found this thanks to jurov dropping this link on IRC. Here are some highlights:
Remove unused ssl utils
This code is the reason perl has a name as a write only language.
Which pairs nicely with:
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/crypto/rsa/rsa_crpt.c.diff?r1=1.2;r2=1.3
Do not feed RSA private key information to the random subsystem as entropy. It might be fed to a pluggable random subsystem…. What were they thinking?!
Go on and read the thing. Seeing as it is only a few hours old, following its progress should continue to yield gems in the future.