bug10402 583 B

1234567891011
  1. o Major bugfixes:
  2. - Do not allow OpenSSL engines to replace the PRNG, even when
  3. HardwareAccel is set. The only default builtin PRNG engine uses
  4. the Intel RDRAND instruction to replace the entire PRNG, and
  5. ignores all attempts to seed it with more entropy. That's
  6. cryptographically stupid: the right response to a new alleged
  7. entropy source is never to discard all previously used entropy
  8. sources. Fixes bug 10402; works around behavior introduced in
  9. OpenSSL 1.0.0. Diagnosis and investigation thanks to "coderman"
  10. and "rl1987".