Lack of Entropy
Much has been said about the Debian/OpenSSL bug by people closer to it than I am. An expert view comes from Ben Laurie, who lays into the Debian packagers for fixing an apparent bug locally and not sharing the fix with upstream. In a second post, Ben clarifies some confusing issues, like whether OpenSSL is relying on uninitialised memory for entropy (not quite, but what it’s doing is not good either).
Ben’s wrath is well-deserved, but it seems to me there’s a fundamental reason why the OpenSSL folks must bear a share of the blame. Given the use of uninitialised memory, why wasn’t there a great big comment right there in the code, explaining it? Anything like that is sure to raise alarm bells in anyone reviewing the code, and send a programmer straight into fix-the-bug mode. And that’s an apparent bug with a fix so simple that a compiler or runtime library could do it automatically. Don’t blame the Debian maintainer for fixing a blunder so trivial it must be a typo!
Why the “fix” went beyond just initialising that memory and broke it is beyond the scope of my (non-)research on the subject, and therefore of this post.
UPDATE: Kudos to Michal Čihař for pointing out the upside to this sorry tale.