[Pkg-openssl-devel] Bug#930061: Bug#930061: openssl: causes regression in kronosnet memory checks

Kurt Roeckx kurt at roeckx.be
Thu Jun 6 20:44:55 BST 2019


severity 930061 normal
thanks

This was fixed upstream in:
commit 15d7e7997e219fc5fef3f6003cc6bd7b2e7379d4
Author: Pauli <paul.dale at oracle.com>
Date:   Fri Mar 29 09:24:07 2019 +1000

    Fix broken change from b3d113e.
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/8606)
    
    (cherry picked from commit 711a161f03ef9ed7cd149a22bf1203700c103e96)

(For some reason this was not merged in the 1.1.1-stable branch
before the release.)

The problem itself is harmless. Uninitialized values get mixed
into the RNG.

I see your code calls RAND_seed(), telling it that the packet you
received contains full entropy. Please don't do that; it does not
contain that much entropy. If you really feel like it somehow
helps the RNG, use RAND_add() and set randomness to 0. Or just
remove that line.


Kurt