Bodo Moeller wrote: > However, another intentional use of potentially unitialized data is > still left as of > http://cvs.openssl.org/getfile/openssl/crypto/rand/randfile.c?v=1.47.2.2 > : > > i=fread(buf,1,n,in); > if (i <= 0) break; > /* even if n != i, use the full array */ > RAND_add(buf,n,(double)i); > > Changing this into RAND_add(buf,i,(double)i) should make verification > tools happier. Or it could be > > #ifdef PURIFY > RAND_add(buf,i,(double)i); > #else > RAND_add(buf,n,(double)i); > #endif > > (abusing the "PURIFY" macro with a more general meaning). > Good catch, patch applied :-)
Best regards, Lutz ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]