OpenBSD devs comments documenting progress with cleaning of OpenSSL codebase

freshbsd.org

19 points by zytek 12 years ago · 5 comments

zytekOP 12 years ago

Some of it:

    todo: do not leave 15 year old todo lists in the tree.


    This code is the reason perl has a name as a write only language.


    Remove oh-so-important-from-a-security-pov OpenSSL_rtdsc() function.

    Do not feed RSA private key information to the random subsystem as entropy.  
    It might be fed to a pluggable random subsystem.... What were they thinking?!

    <RANT> Whoever thought that RAND_screen(), feeding the PRNG with the contents 
    of the local workstation's display, under Win32, was a smart idea, 
    ought to be banned from security programming. </RANT>

Edit: just noticed, there's a BLOG with it.. http://opensslrampage.org/

LaSombra 12 years ago

    - Why do we hide from the OpenSSL police, dad?
    - Because they're not like us, son. They use macros to wrap stdio routines,
      for an undocumented (OPENSSL_USE_APPLINK) use case, which only serves to
      obfuscate the code.

Freaky 12 years ago

A more accurate link: http://freshbsd.org/search?project=openbsd&q=file.name%3Alib...
