* Daniel Brahneborg via RT ([EMAIL PROTECTED]) wrote: > > At lines 467-469 in crypto/rand/md_rand.c is an interesting > thing: > > #ifndef PURIFY > MD_Update(&m,buf,j); /* purify complains */ > #endif > > That is the code that causes the problem (I just verified > it with Valgrind). Does it have any bad side affects to > always skip that code? Since both Purify and Valgrind is > unhappy with that function call, something must be wrong > with it.
The reason, when you consider what the RAND_*** code is supposed to do, is that using uninitialised data (where available) is actually a better-than-nothing addition to the amount of entropy in the PRNG. IIRC it is not counted as an increment to the entropy seeded to the PRNG, more of a "freebie". Of course, purify/valgrind/etc will consider that bogus because it considers any access to uninitialised data as bad - after all, you never know *what* the memory might be set to. This of course is exactly the property you want to stir into the randomness pool ... Cheers, Geoff -- Geoff Thorpe [EMAIL PROTECTED] http://www.openssl.org/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
