From d8ca44ba4158a9dafeaa30d3cba6f113904d2aa6 Mon Sep 17 00:00:00 2001
From: Emilia Kasper <emilia@openssl.org>
Date: Wed, 27 Jan 2016 19:13:33 +0100
Subject: Always DPURIFY

The use of the uninitialized buffer in the RNG has no real security
benefits and is only a nuisance when using memory sanitizers.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
---
 CHANGES | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'CHANGES')

diff --git a/CHANGES b/CHANGES
index 4f8fff5143..c400ba14a7 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 1.0.2f and 1.1.0  [xx XXX xxxx]
 
+  *) Always DPURIFY. Remove the use of uninitialized memory in the
+     RNG, and other conditional uses of DPURIFY. This makes -DPURIFY a no-op.
+     [Emilia Käsper]
+
   *) Removed many obsolete configuration items, including
         DES_PTR, DES_RISC1, DES_RISC2, DES_INT
         MD2_CHAR, MD2_INT, MD2_LONG
-- 
cgit v1.2.3