CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2022/10/20 09:18:54
Modified files:
lib/libssl : ssl_clnt.c
Log message:
Annotate misuse of EVP_Digest()
The session_id member of SSL_SESSION has 32 bytes for historical
reasons. This precisely accommodates a SHA-256 and is currently
computed using this hash. If the hash function is ever changed,
this will likely overflow. This should be fixed in code. Leave
it at an XXX comment for now.
Pointed out by jsing
