FIY
It’s probably worth noting at this point that there are a few lessons to the debian OpenSSL débâcle: There is now a corollary to “do not write your own cryptographic routines”: “do not fix bugs in someone else’s cryptographic routines.” If there is a annotated view of the OpenSSL tree (I don’t know/don’t care), the …