OpenSSL Valhalla Rampage

_pfxa · on April 18, 2014

  --- src/lib/libssl/src/crypto/rsa/rsa_crpt.c	2014/04/15 21:06:10	1.2
  +++ src/lib/libssl/src/crypto/rsa/rsa_crpt.c	2014/04/17 13:14:26	1.3
  @@ -189,14 +189,6 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_c
   	else
   		e = rsa->e;
   
  -	
  -	if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
  -		{
  -		/* if PRNG is not properly seeded, resort to secret
  -		 * exponent as unpredictable seed */
  -		RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);
  -		}
  -
   	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
   		{
   		/* Set BN_FLG_CONSTTIME flag */

The diff the post is linked to.

etherael · on April 18, 2014

I would really love to know what the person who did this was thinking.

clarry · on April 18, 2014

Using strl(cat|cpy) correctly is not so hard but some people just don't care.

http://marc.info/?l=openbsd-tech&m=139783627710511&w=2

I like how in some of these the length of the source string is passed for destination buffer size.