OT: OpenSSL 1.0.1f
coderman
coderman at gmail.com
Tue Jan 7 17:41:19 UTC 2014
On Tue, Jan 7, 2014 at 9:35 AM, coderman <coderman at gmail.com> wrote:
>...
> in any case, end result: use 1.0.1f and be happy
and if concerned that your OS distribution or upstream OpenSSL lacks this fix,
confirm yourself via openssl-1.0.1f/crypto/engine/eng_rdrand.c in patched src
if you see !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL)
near the bottom of the file, in the static int bind_helper(ENGINE *e){} definition,
then you are safe from accidental use.
cf. good ver: openssl-1.0.1f/crypto/engine/eng_rdrand.c
static int bind_helper(ENGINE *e)
{
    if (!ENGINE_set_id(e, engine_e_rdrand_id) ||
        !ENGINE_set_name(e, engine_e_rdrand_name) ||
        !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) ||
        !ENGINE_set_init_function(e, rdrand_init) ||
        !ENGINE_set_RAND(e, &rdrand_meth) )
        return 0;
    return 1;
}
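
The source check described in the message above, as an added example that is not part of the original post or of OpenSSL: it looks for the ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) call inside bind_helper() only, so a mention elsewhere in the file does not count. The function names (bind_helper_body, check_rdrand_fix, write_sample) are hypothetical, and the two sample files are constructed, trimmed-down stand-ins; the one without the flag is made by omitting that line and is not a copy of any release.

```shell
# Added example. Helper names and sample files are constructed, not from OpenSSL.
# Print the bind_helper() definition from the C file in $1 (brace-counted).
bind_helper_body() {
    awk '
        !in_fn && /^static int bind_helper[ \t]*\(/ { in_fn = 1 }
        in_fn {
            print
            if (index($0, "{")) seen = 1
            depth += gsub(/[{]/, "") - gsub(/[}]/, "")
            if (seen && depth <= 0) exit
        }
    ' "$1"
}

# Exit 0 if bind_helper() sets the flag, 1 if it does not, 2 if undecidable.
check_rdrand_fix() {
    if [ ! -r "$1" ]; then echo "cannot read $1"; return 2; fi
    body=$(bind_helper_body "$1")
    if [ -z "$body" ]; then echo "bind_helper() not found in $1"; return 2; fi
    # Strip whitespace so a call wrapped across lines still matches.
    if printf '%s' "$body" | tr -d ' \t\n' |
        grep -qF 'ENGINE_set_flags(e,ENGINE_FLAGS_NO_REGISTER_ALL)'; then
        echo "$1: flag set in bind_helper()"; return 0
    fi
    echo "$1: flag missing from bind_helper()"; return 1
}

# Write a constructed, trimmed-down eng_rdrand.c; $2 = yes keeps the flag line.
write_sample() {
    {
        echo 'static int bind_helper(ENGINE *e)'
        echo '{'
        echo '    if (!ENGINE_set_id(e, engine_e_rdrand_id) ||'
        if [ "$2" = yes ]; then
            echo '        !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) ||'
        fi
        echo '        !ENGINE_set_RAND(e, &rdrand_meth)) return 0;'
        echo '    return 1;'
        echo '}'
        echo '/* ENGINE_FLAGS_NO_REGISTER_ALL named outside bind_helper() */'
    } > "$1"
}

tmp=$(mktemp -d)
write_sample "$tmp/with_flag.c" yes
write_sample "$tmp/without_flag.c" no
check_rdrand_fix "$tmp/with_flag.c"
check_rdrand_fix "$tmp/without_flag.c" || true
rm -rf "$tmp"
```

Against a real tree, run check_rdrand_fix on the path given in the message, openssl-1.0.1f/crypto/engine/eng_rdrand.c; exit status 2 means the function was not found and the result should be treated as unknown.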