Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
OpenBSD devs comments documenting progress with cleaning of OpenSSL codebase (freshbsd.org)
19 points by zytek on April 17, 2014 | hide | past | favorite | 4 comments


Some of it:

    todo: do not leave 15 year old todo lists in the tree.


    This code is the reason perl has a name as a write only language.


    Remove oh-so-important-from-a-security-pov OpenSSL_rtdsc() function.

    Do not feed RSA private key information to the random subsystem as entropy.  
    It might be fed to a pluggable random subsystem.... What were they thinking?!

    <RANT> Whoever thought that RAND_screen(), feeding the PRNG with the contents 
    of the local workstation's display, under Win32, was a smart idea, 
    ought to be banned from security programming. </RANT>
Edit: just noticed, there's a BLOG with it.. http://opensslrampage.org/


    - Why do we hide from the OpenSSL police, dad?
    - Because they're not like us, son. They use macros to wrap stdio routines,
      for an undocumented (OPENSSL_USE_APPLINK) use case, which only serves to
      obfuscate the code.


What is the "UPLINK" interface spoken of in the OPENSSL_USE_APPLINK changes?


A more accurate link: http://freshbsd.org/search?project=openbsd&q=file.name%3Alib...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: