Always DPURIFY

The use of the uninitialized buffer in the RNG has no real security benefits and is only a nuisance when using memory sanitizers. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
author: Emilia Kasper <emilia@openssl.org> 2016-01-27 19:13:33 +0100
committer: Emilia Kasper <emilia@openssl.org> 2016-01-29 16:33:13 +0100
commit: d8ca44ba4158a9dafeaa30d3cba6f113904d2aa6 (patch)
tree: 96b3eb018ab876f0f8842ef909e709904b1168c3 /CHANGES
parent: a01dab94622715fe2dd92a6f87a826cef6724e54 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 4f8fff5143..c400ba14a7 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 1.0.2f and 1.1.0  [xx XXX xxxx]
 
+  *) Always DPURIFY. Remove the use of uninitialized memory in the
+     RNG, and other conditional uses of DPURIFY. This makes -DPURIFY a no-op.
+     [Emilia Käsper]
+
   *) Removed many obsolete configuration items, including
         DES_PTR, DES_RISC1, DES_RISC2, DES_INT
         MD2_CHAR, MD2_INT, MD2_LONG
author	Emilia Kasper <emilia@openssl.org>	2016-01-27 19:13:33 +0100
committer	Emilia Kasper <emilia@openssl.org>	2016-01-29 16:33:13 +0100
commit	d8ca44ba4158a9dafeaa30d3cba6f113904d2aa6 (patch)
tree	96b3eb018ab876f0f8842ef909e709904b1168c3 /CHANGES
parent	a01dab94622715fe2dd92a6f87a826cef6724e54 (diff)