

OpenSSL Valhalla Rampage - etherael
http://opensslrampage.org/post/83007010531/well-even-if-time-isnt-random-your-rsa-private-key#disqus_thread

======
gkya

      --- src/lib/libssl/src/crypto/rsa/rsa_crpt.c	2014/04/15 21:06:10	1.2
      +++ src/lib/libssl/src/crypto/rsa/rsa_crpt.c	2014/04/17 13:14:26	1.3
      @@ -189,14 +189,6 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_c
       	else
       		e = rsa->e;
       
      -	
      -	if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
      -		{
      -		/* if PRNG is not properly seeded, resort to secret
      -		 * exponent as unpredictable seed */
      -		RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);
      -		}
      -
       	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
       		{
       		/* Set BN_FLG_CONSTTIME flag */
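
Review bot: With the `RAND_status() == 0` branch removed, nothing between `e = rsa->e;` and the `RSA_FLAG_NO_CONSTTIME` check handles an unseeded PRNG any more, so blinding setup simply continues on that path. Dropping the `RAND_add(rsa->d->d, ...)` call is the right direction, since it fed the words of the private exponent into the generator with an entropy estimate of 0.0, but the replacement behaviour should be made explicit: either fail here when `RAND_status()` returns 0, or note in a comment that the blinding code further down reports the RNG failure itself.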
    

The diff the post is linked to.

~~~
etherael
I would really love to know what the person who did this was thinking.

------
clarry
Using strl(cat|cpy) correctly is not so hard but some people just don't care.

[http://marc.info/?l=openbsd-tech&m=139783627710511&w=2](http://marc.info/?l=openbsd-tech&m=139783627710511&w=2)

I like how in some of these the length of the source string is passed for
destination buffer size.
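
The misuse described in the comment above (source length passed as the destination size), shown next to the correct call. This is an added example, not code from the thread or from the OpenSSL/OpenBSD tree: `demo_strlcpy` is a local stand-in with strlcpy(3) semantics, and `backing`, `DST_SIZE` and the two `copy_*` functions are hypothetical names.

```c
#include <stddef.h>
#include <string.h>

/* Stand-in with strlcpy(3) semantics so this builds where libc lacks it:
 * copies at most size-1 bytes, NUL-terminates when size > 0, and returns
 * strlen(src) so the caller can detect truncation. */
static size_t demo_strlcpy(char *dst, const char *src, size_t size)
{
	size_t srclen = strlen(src);

	if (size > 0) {
		size_t n = srclen < size - 1 ? srclen : size - 1;
		memcpy(dst, src, n);
		dst[n] = '\0';
	}
	return srclen;
}

#define DST_SIZE 8	/* capacity of the logical destination buffer */
#define GUARD    0x5a	/* fill byte marking memory past the destination */

/* Bytes [0, DST_SIZE) are the destination; the rest is a guard region, so an
 * overrun is observable without leaving the array (inputs must be < 64 bytes). */
static char backing[64];

/* Count guard bytes that the last copy overwrote past the destination. */
static size_t guard_bytes_clobbered(void)
{
	size_t i, n = 0;

	for (i = DST_SIZE; i < sizeof(backing); i++)
		if ((unsigned char)backing[i] != GUARD)
			n++;
	return n;
}

/* Misuse: the size argument comes from the source, so it bounds nothing. */
size_t copy_with_source_length(const char *src)
{
	memset(backing, GUARD, sizeof(backing));
	demo_strlcpy(backing, src, strlen(src) + 1);
	return guard_bytes_clobbered();
}

/* Correct use: size is the destination capacity; returns 1 on truncation. */
int copy_with_dest_size(const char *src, size_t *clobbered)
{
	size_t need;

	memset(backing, GUARD, sizeof(backing));
	need = demo_strlcpy(backing, src, DST_SIZE);
	*clobbered = guard_bytes_clobbered();
	return need >= DST_SIZE;
}
```

With the size taken from the source, the call behaves exactly like an unbounded copy; with the destination capacity, the return value tells the caller that the string was truncated.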

