Bodo Moeller wrote:
> However, another intentional use of potentially unitialized data is
> still left as of
> http://cvs.openssl.org/getfile/openssl/crypto/rand/randfile.c?v=1.47.2.2
> :
>
> i=fread(buf,1,n,in);
> if (i <= 0) break;
> /* even if n != i, use the full array */
> RAND_add(buf,n,(double)i);
>
> Changing this into RAND_add(buf,i,(double)i) should make verification
> tools happier. Or it could be
>
> #ifdef PURIFY
> RAND_add(buf,i,(double)i);
> #else
> RAND_add(buf,n,(double)i);
> #endif
>
> (abusing the "PURIFY" macro with a more general meaning).
>
Good catch, patch applied :-)
Best regards,
Lutz
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
