If RAND_load_file is called with a non-NULL file which does not exist,
then it still does:
i=stat(file,sb);
/* If the state fails, put some crap in anyway */
RAND_add(sb,sizeof(sb),0.0);
if (i 0) return(0);
And sb may well be uninitialized.
Obviously that's of no consequence normally, but it can provide
irritating noise if one's trying to track down real issues in an
application, so I suggest it not happen if PURIFY is defined.
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]