Comment by jeffbee
4 hours ago
Another "fix" in the long line of OpenSSL "fixes" that includes no changes to tests and therefore can't really be said to fix anything. Professional standards of software development are simply absent in the project, and apparently it cannot be reformed, because we've all been waiting a long time for OpenSSL to get its act together.
A test was added in this commit: https://github.com/openssl/openssl/commit/6297ac45d72ded9b45...
OpenSSL and other similar security substandard projects have process deficiencies that lead to similar bugs over and over again. They never seem to learn the lesson that doing the same thing and expecting a different result is stupidity and/or insanity.