diff options
author | Lutz Jänicke <jaenicke@openssl.org> | 2007-09-21 10:10:47 +0000 |
---|---|---|
committer | Lutz Jänicke <jaenicke@openssl.org> | 2007-09-21 10:10:47 +0000 |
commit | 29f4b05954073aece823784f7309d8778bff2aa7 (patch) | |
tree | b35dbd947867ef6c259aed03155951bb5f143cfe | |
parent | 48ca0c99b2bf78c756fe96d1ac71b66cd0b1a38a (diff) |
The use of the PURIFY macro in ssleay_rand_bytes() is sufficient to
resolve the Valgrind issue with random numbers. Undo the changes to
RAND_bytes() and RAND_pseudo_bytes() that are redundant in this
respect.
Update documentation and FAQ accordingly, as the PURIFY macro is
available at least since 0.9.7.
-rw-r--r-- | FAQ | 2 | ||||
-rw-r--r-- | crypto/rand/rand_lib.c | 6 | ||||
-rw-r--r-- | doc/crypto/RAND_bytes.pod | 2 |
3 files changed, 1 insertions, 9 deletions
@@ -904,8 +904,6 @@ other test tools) will complain about this. When using Valgrind, make sure the OpenSSL library has been compiled with the PURIFY macro defined (-DPURIFY) to get rid of these warnings -The use of PURIFY with the PRNG was added in OpenSSL 0.9.8f. - =============================================================================== diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index f0ddc1ee45..513e338985 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -154,9 +154,6 @@ void RAND_add(const void *buf, int num, double entropy) int RAND_bytes(unsigned char *buf, int num) { const RAND_METHOD *meth = RAND_get_rand_method(); -#ifdef PURIFY - memset(buf, 0, num); -#endif if (meth && meth->bytes) return meth->bytes(buf,num); return(-1); @@ -165,9 +162,6 @@ int RAND_bytes(unsigned char *buf, int num) int RAND_pseudo_bytes(unsigned char *buf, int num) { const RAND_METHOD *meth = RAND_get_rand_method(); -#ifdef PURIFY - memset(buf, 0, num); -#endif if (meth && meth->pseudorand) return meth->pseudorand(buf,num); return(-1); diff --git a/doc/crypto/RAND_bytes.pod b/doc/crypto/RAND_bytes.pod index 34f8cd2544..1a9b91e281 100644 --- a/doc/crypto/RAND_bytes.pod +++ b/doc/crypto/RAND_bytes.pod @@ -26,7 +26,7 @@ certain purposes in cryptographic protocols, but usually not for key generation etc. The contents of B<buf> is mixed into the entropy pool before retrieving -the new pseudo-random bytes unless disabled at compile time. +the new pseudo-random bytes unless disabled at compile time (see FAQ). =head1 RETURN VALUES |