diff options
author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2014-06-07 22:23:13 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2014-06-07 22:23:13 +0000 |
commit | 9ce3a7d021f0e0f96a9805e9582e2809aec597f0 (patch) | |
tree | dd7004eec69aae747096015ecf9ab313333ce39e /lib/libkvm/kvm_open.3 | |
parent | a2cfdec3a1bfecda7ad4862563f61969598f3c47 (diff) |
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2016265dfbab162ec30718b5e7480add42598158
Don't know the full story, but it looks like a "can't do random
perfectly, so do it god awful" problem was found in 2013, and
replaced with "only do it badly if a flag is set". New flags
(SSL_MODE_SEND_SERVERHELLO_TIME and SSL_MODE_SEND_SERVERHELLO_TIME)
were added [Ben Laurie?] to support the old scheme of "use time_t
for first 4 bytes of the random buffer".
Nothing uses these flags [ecosystem scan by sthen]
Fully discourage use of these flags in the future by removing
support & definition of them. The buflen < 4 check is also interesting,
because no entropy would be returned. No callers passed such small
buffers.
ok miod sthen
Diffstat (limited to 'lib/libkvm/kvm_open.3')
0 files changed, 0 insertions, 0 deletions