|
|
|
|
|
|
by lmm
395 days ago
|
|
|
> XORing it in guaranteed that it couldn't subtract entropy, but if there were no other entropy sources they failed to return an error. No, they XORed data from a bunch of entropy sources into an intermediate buffer (that was never initialised, because the whole point of it was to be random) and then XORed that into a buffer from which the key was made. Debian's patch removed that final XOR. It wasn't a bug in the original code (other than being hard to understand). |
|
|