diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2010-06-16 13:15:31 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2010-06-16 13:15:31 +0000 |
commit | a7c64928c83598b4807abd45e12d7544574ef09a (patch) | |
tree | 0ee33e67d3fe4e59439bccfe58ec239671aae0a4 /crypto/rand/md_rand.c | |
parent | c8bbd98a2b0c2a5164c42f951cd2866512839b5a (diff) |
clarify comment
Diffstat (limited to 'crypto/rand/md_rand.c')
-rw-r--r-- | crypto/rand/md_rand.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c index 4e581f3917..943c936483 100644 --- a/crypto/rand/md_rand.c +++ b/crypto/rand/md_rand.c @@ -492,12 +492,15 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) goto err; #ifndef PURIFY /* purify complains */ - /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */ + /* The following line uses the supplied buffer as a small + * source of entropy: since this buffer is often uninitialised + * it may cause programs such as purify or valgrind to + * complain. So for those builds it is not used: the removal + * of such a small source of entropy has negligible impact on + * security. + */ if (!MD_Update(&m,buf,j)) goto err; - /* We know that line may cause programs such as - purify and valgrind to complain about use of - uninitialized data. */ #endif k=(st_idx+MD_DIGEST_LENGTH/2)-st_num; |