dan, 1 month ago OpenSSL did add to the entropy pool a bunch uninitialized memory and the PID. Did they have a comment above the code explaining why it was doing it that way? If not, I’d blame OpenSSL for it. The OpenSSL codebase has a bunch of issues, which is why somewhat-API-compatible forks like LibreSSL and BoringSSL exist.
OpenSSL did add to the entropy pool a bunch uninitialized memory and the PID.
Did they have a comment above the code explaining why it was doing it that way? If not, I’d blame OpenSSL for it.
The OpenSSL codebase has a bunch of issues, which is why somewhat-API-compatible forks like LibreSSL and BoringSSL exist.