-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Lutz,
why not... Lutz Jaenicke wrote: > patch -p0 <<'@@ .' > Index: openssl/crypto/rand/rand_lib.c > ============================================================================ > $ cvs diff -u -r1.16 -r1.17 rand_lib.c > --- openssl/crypto/rand/rand_lib.c 30 Jan 2003 17:39:23 -0000 1.16 > +++ openssl/crypto/rand/rand_lib.c 2 Mar 2007 17:54:51 -0000 1.17 > @@ -154,6 +154,7 @@ > int RAND_bytes(unsigned char *buf, int num) > { > const RAND_METHOD *meth = RAND_get_rand_method(); > if (meth && meth->bytes) > return meth->bytes(buf,num); + memset(buf, 0, num); > return(-1); > @@ -162,6 +163,7 @@ > int RAND_pseudo_bytes(unsigned char *buf, int num) > { > const RAND_METHOD *meth = RAND_get_rand_method(); > if (meth && meth->pseudorand) > return meth->pseudorand(buf,num); + memset(buf, 0, num); > return(-1); This way memset() will only be called in error case. In the normal case the (not needed) memset will not waste processor cycles... This is a workaround for people that use debuging tools that generate results they can't understand. Bye Goetz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFF6IG82iGqZUF3qPYRAsxeAKCD8YmCuSeZtWafatkPzTucLfeJEACfQZks IYF84gloJki7bH4uYidlbrs= =P0Kp -----END PGP SIGNATURE----- ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]