subject:"\[openssl.org #1499\] Uninitialized value in RAND_load

[openssl.org #1499] Uninitialized value in RAND_load_file, with -DPURIFY

2007-03-02 Thread Bruce Stephens via RT

If RAND_load_file is called with a non-NULL file which does not exist,
then it still does:

i=stat(file,sb);
/* If the state fails, put some crap in anyway */
RAND_add(sb,sizeof(sb),0.0);
if (i  0) return(0);

And sb may well be uninitialized.

Obviously that's of no consequence normally, but it can provide
irritating noise if one's trying to track down real issues in an
application, so I suggest it not happen if PURIFY is defined.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #1499] Uninitialized value in RAND_load_file, with -DPURIFY

2007-03-02 Thread Lutz Jaenicke via RT

Guessing on the stack being non-predictable does not seem to improve
entropy too much to me. I have therefore modified the code to no longer
use uninitialized memory in any case.
Not relying on -DPURIFY will also make valgrind users happy :-)

Best regards,
Lutz
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #1499] Uninitialized value in RAND_load_file, with -DPURIFY

[openssl.org #1499] Uninitialized value in RAND_load_file, with -DPURIFY

2 matches

Site Navigation

Mail list logo

Footer information