diff options
author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2014-06-07 22:23:13 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2014-06-07 22:23:13 +0000 |
commit | 03f954672632bb6771359fe14ed9755dde86ddd7 (patch) | |
tree | 2cf253324935eed59659b3ace469ab7be9cdd0ec /lib/libcurses/curs_window.3 | |
parent | db37dd011c635f593b39c0ba38da3ad4656aa372 (diff) |
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2016265dfbab162ec30718b5e7480add42598158
Don't know the full story, but it looks like a "can't do random
perfectly, so do it god awful" problem was found in 2013, and
replaced with "only do it badly if a flag is set". New flags
(SSL_MODE_SEND_SERVERHELLO_TIME and SSL_MODE_SEND_SERVERHELLO_TIME)
were added [Ben Laurie?] to support the old scheme of "use time_t
for first 4 bytes of the random buffer".
Nothing uses these flags [ecosystem scan by sthen]
Fully discourage use of these flags in the future by removing
support & definition of them. The buflen < 4 check is also interesting,
because no entropy would be returned. No callers passed such small
buffers.
ok miod sthen
Diffstat (limited to 'lib/libcurses/curs_window.3')
0 files changed, 0 insertions, 0 deletions