Hi,
I'm using Valgrind to debug a program that uses the OpenSSL
libraries, and got warnings about uninitialized data in the
function RSA_padding_add_PKCS1_type_2(), on the line with
"} while (*p == '\0');" (line 171 in version 0.9.7a). The
following patch ensures that the data is always modified,
something that the bytes() method obviously fails to do.
--- openssl-0.9.7a/crypto/rand/rand_lib.c Thu Jan 30 18:37:45 2003
+++ openssl-0.9.7a-safe/crypto/rand/rand_lib.c Wed Feb 26 13:48:27 2003
@@ -154,6 +154,7 @@
int RAND_bytes(unsigned char *buf, int num)
{
const RAND_METHOD *meth = RAND_get_rand_method();
+ memset(buf, 0, num);
if (meth && meth->bytes)
return meth->bytes(buf,num);
return(-1);
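Review bot: The added memset(buf, 0, num) runs before any argument check, and num is a signed int, so a negative num is converted to a very large size_t and the memset writes far past buf. Guard it (for example, return -1 when buf is NULL or num < 0) before touching the buffer. The zeroing also only silences the Valgrind report: if meth->bytes() returns without writing the buffer, or the return(-1) path is taken, the caller now receives all-zero bytes that look initialized, so callers still have to check the return value, and the bytes() implementation that leaves the buffer unwritten should be fixed instead. Also confirm that rand_lib.c includes <string.h>, since no include is visible in this hunk.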
/Basic
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]