[openssl.org #1499] Uninitialized value in RAND_load_file, with -DPURIFY

2007-03-02 Thread Bruce Stephens via RT
If RAND_load_file is called with a non-NULL file which does not exist, then it still does:

    i=stat(file,&sb);
    /* If the state fails, put some crap in anyway */
    RAND_add(&sb,sizeof(sb),0.0);
    if (i < 0) return(0);

And sb may well be uninitialized. Obviously that's of

[openssl.org #1499] Uninitialized value in RAND_load_file, with -DPURIFY

2007-03-02 Thread Lutz Jaenicke via RT
Guessing on the stack being non-predictable does not seem to improve entropy too much to me. I have therefore modified the code to no longer use uninitialized memory in any case. Not relying on -DPURIFY will also make valgrind users happy :-)

Best regards,
Lutz
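
The pattern discussed in this thread, as an added example that is not OpenSSL's code or the actual patch: the stat buffer is mixed into the pool only after stat() has succeeded, so no uninitialized stack bytes are ever consumed. pool_add() and load_file_checked() are hypothetical stand-ins for RAND_add() and RAND_load_file(), and the file path in main() is constructed.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Hypothetical stand-in for RAND_add(): records how many bytes were mixed in. */
static size_t pool_bytes = 0;
static void pool_add(const void *buf, size_t len, double entropy)
{
    (void)buf; (void)entropy;
    pool_bytes += len;
}

/* Returns the number of file bytes mixed in; 0 if file is NULL or missing. */
static int load_file_checked(const char *file, long max_bytes)
{
    unsigned char buf[1024];
    struct stat sb;
    FILE *in;
    int ret = 0;

    if (file == NULL)
        return 0;
    memset(&sb, 0, sizeof(sb));      /* defined contents even if stat() fails */
    if (stat(file, &sb) < 0)
        return 0;                    /* bail out before touching the pool */
    pool_add(&sb, sizeof(sb), 0.0);  /* file metadata, credited zero entropy */

    if ((in = fopen(file, "rb")) == NULL)
        return 0;
    while (max_bytes > 0) {
        size_t want = max_bytes < (long)sizeof(buf) ? (size_t)max_bytes : sizeof(buf);
        size_t got = fread(buf, 1, want, in);
        if (got == 0)
            break;
        pool_add(buf, got, (double)got);
        ret += (int)got;
        max_bytes -= (long)got;
    }
    fclose(in);
    return ret;
}

int main(void)
{
    int n = load_file_checked("/nonexistent/seed-file", 1024); /* constructed path */
    printf("read=%d mixed=%zu\n", n, pool_bytes);
    return 0;
}
```

Built this way, the function behaves the same with or without -DPURIFY, and valgrind or Purify has nothing to report for the missing-file case.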