

OpenBSD devs comments documenting progress with cleaning of OpenSSL codebase - zytek
http://freshbsd.org/search?q=libssl

======
zytek
Some of it:

        todo: do not leave 15 year old todo lists in the tree.

        This code is the reason perl has a name as a write only language.

        Remove oh-so-important-from-a-security-pov OpenSSL_rtdsc() function.

        Do not feed RSA private key information to the random subsystem as entropy.
        It might be fed to a pluggable random subsystem.... What were they thinking?!

        <RANT> Whoever thought that RAND_screen(), feeding the PRNG with the contents
        of the local workstation's display, under Win32, was a smart idea,
        ought to be banned from security programming. </RANT>

Edit: just noticed, there's a BLOG with it...
[http://opensslrampage.org/](http://opensslrampage.org/)

------
LaSombra

        - Why do we hide from the OpenSSL police, dad?
        - Because they're not like us, son. They use macros to wrap stdio routines,
          for an undocumented (OPENSSL_USE_APPLINK) use case, which only serves to
          obfuscate the code.

~~~
cratermoon
What is the "UPLINK" interface spoken of in the OPENSSL_USE_APPLINK changes?

------
Freaky
A more accurate link:
[http://freshbsd.org/search?project=openbsd&q=file.name%3Alib...](http://freshbsd.org/search?project=openbsd&q=file.name%3Alibssl)

