OpenSSL CVS Repository
http://cvs.openssl.org/
____________________________________________________________
________________
Server: cvs.openssl.org Name: Lutz
Jaenicke
Root: /v/openssl/cvs Email:
jaenicke openssl.org
Module: openssl Date:
24-Sep-2007 13:01:19
Branch: HEAD Handle:
2007092412005325
Modified files:
openssl FAQ
openssl/crypto/rand rand_lib.c
openssl/doc/crypto RAND_bytes.pod
Log:
Port from 0.9.8-stable
Summary:
Revision Changes Path
1.120 +11 -0 openssl/FAQ
1.18 +0 -2 openssl/crypto/rand/rand_lib.c
1.6 +3 -0
openssl/doc/crypto/RAND_bytes.pod
____________________________________________________________
________________
patch -p0 <<' .'
Index: openssl/FAQ
============================================================
================
$ cvs diff -u -r1.119 -r1.120 FAQ
--- openssl/FAQ 23 Feb 2007 13:16:38 -0000 1.119
+++ openssl/FAQ 24 Sep 2007 11:00:53 -0000 1.120
-67,6 +67,7
* Why doesn't my server application receive a client
certificate?
* Why does compilation fail due to an undefined symbol
NID_uniqueIdentifier?
* I think I've detected a memory leak, is this a bug?
+* Why does Valgrind complain about the use of
uninitialized data?
* Why doesn't a memory BIO work when a file does?
============================================================
===================
-917,6 +918,16
ERR_free_strings(), EVP_cleanup() and
CRYPTO_cleanup_all_ex_data().
+* Why does Valgrind complain about the use of
uninitialized data?
+
+When OpenSSL's PRNG routines are called to generate
random numbers the supplied
+buffer contents are mixed into the entropy pool: so it
technically does not
+matter whether the buffer is initialized at this point or
not. Valgrind (and
+other test tools) will complain about this. When using
Valgrind, make sure the
+OpenSSL library has been compiled with the PURIFY macro
defined (-DPURIFY)
+to get rid of these warnings.
+
+
* Why doesn't a memory BIO work when a file does?
This can occur in several cases for example reading an
S/MIME email message.
.
patch -p0 <<' .'
Index: openssl/crypto/rand/rand_lib.c
============================================================
================
$ cvs diff -u -r1.17 -r1.18 rand_lib.c
--- openssl/crypto/rand/rand_lib.c 2 Mar 2007 17:54:51
-0000 1.17
+++ openssl/crypto/rand/rand_lib.c 24 Sep 2007 11:01:07
-0000 1.18
-154,7 +154,6
int RAND_bytes(unsigned char *buf, int num)
{
const RAND_METHOD *meth = RAND_get_rand_method();
- memset(buf, 0, num);
if (meth && meth->bytes)
return meth->bytes(buf,num);
return(-1);
-163,7 +162,6
int RAND_pseudo_bytes(unsigned char *buf, int num)
{
const RAND_METHOD *meth = RAND_get_rand_method();
- memset(buf, 0, num);
if (meth && meth->pseudorand)
return meth->pseudorand(buf,num);
return(-1);
.
patch -p0 <<' .'
Index: openssl/doc/crypto/RAND_bytes.pod
============================================================
================
$ cvs diff -u -r1.5 -r1.6 RAND_bytes.pod
--- openssl/doc/crypto/RAND_bytes.pod 25 Sep 2002 13:33:27
-0000 1.5
+++ openssl/doc/crypto/RAND_bytes.pod 24 Sep 2007 11:01:18
-0000 1.6
-25,6 +25,9
certain purposes in cryptographic protocols, but usually
not for key
generation etc.
+The contents of B<buf> is mixed into the entropy
pool before retrieving
+the new pseudo-random bytes unless disabled at compile
time (see FAQ).
+
=head1 RETURN VALUES
RAND_bytes() returns 1 on success, 0 otherwise. The error
code can be
.
____________________________________________________________
__________
OpenSSL Project http://www.openssl.org
CVS Repository Commit List
openssl-cvsopenssl.org
Automated List Manager
majordomoopenssl.org
|
