http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2016265dfbab162ec30718b5e7480add42598158 - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	deraadt <deraadt@openbsd.org>	2014-06-07 22:23:12 +0000
committer	deraadt <deraadt@openbsd.org>	2014-06-07 22:23:12 +0000
commit	fae232511e9ac3b0227f88af4baa2ea26c975e9b (patch)
tree	9065c948cef2a9e4d5574085a3cf5b4f72c1e9c2 /lib/libssl/src/ssl/ssl_err.c
parent	Add missing NULL check after calling EVP_PKEY_new_mac_key(). (diff)
download	wireguard-openbsd-fae232511e9ac3b0227f88af4baa2ea26c975e9b.tar.xz wireguard-openbsd-fae232511e9ac3b0227f88af4baa2ea26c975e9b.zip

http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2016265dfbab162ec30718b5e7480add42598158

Don't know the full story, but it looks like a "can't do random perfectly, so do it god awful" problem was found in 2013, and replaced with "only do it badly if a flag is set". New flags (SSL_MODE_SEND_SERVERHELLO_TIME and SSL_MODE_SEND_SERVERHELLO_TIME) were added [Ben Laurie?] to support the old scheme of "use time_t for first 4 bytes of the random buffer". Nothing uses these flags [ecosystem scan by sthen] Fully discourage use of these flags in the future by removing support & definition of them. The buflen < 4 check is also interesting, because no entropy would be returned. No callers passed such small buffers. ok miod sthen

Diffstat (limited to 'lib/libssl/src/ssl/ssl_err.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: