openssl-1.0.0e: resolve conflicts

author: djm <djm@openbsd.org> 2011-11-03 02:34:28 +0000
committer: djm <djm@openbsd.org> 2011-11-03 02:34:28 +0000
commit: c32db552feb5310e2f4b27f02d313cfbf0b82a8a (patch)
tree: b7b6074be11e20dcb5106c8a27f96bcb3fcdf5c2 /lib/libssl/src/crypto/rand/md_rand.c
parent: import OpenSSL 1.0.0e (diff)
download: wireguard-openbsd-c32db552feb5310e2f4b27f02d313cfbf0b82a8a.tar.xz
wireguard-openbsd-c32db552feb5310e2f4b27f02d313cfbf0b82a8a.zip
1 files changed, 7 insertions, 4 deletions
diff --git a/lib/libssl/src/crypto/rand/md_rand.c b/lib/libssl/src/crypto/rand/md_rand.c
index 88088ce73c3..b2f04ff13ec 100644
--- a/lib/libssl/src/crypto/rand/md_rand.c
+++ b/lib/libssl/src/crypto/rand/md_rand.c
@@ -476,11 +476,14 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 		MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
 
 #ifndef PURIFY /* purify complains */
-		/* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */
+		/* The following line uses the supplied buffer as a small
+		 * source of entropy: since this buffer is often uninitialised
+		 * it may cause programs such as purify or valgrind to
+		 * complain. So for those builds it is not used: the removal
+		 * of such a small source of entropy has negligible impact on
+		 * security.
+		 */
 		MD_Update(&m,buf,j);
-		/* We know that line may cause programs such as
-		   purify and valgrind to complain about use of
-		   uninitialized data.  */
 #endif
 
 		k=(st_idx+MD_DIGEST_LENGTH/2)-st_num;
author	djm <djm@openbsd.org>	2011-11-03 02:34:28 +0000
committer	djm <djm@openbsd.org>	2011-11-03 02:34:28 +0000
commit	c32db552feb5310e2f4b27f02d313cfbf0b82a8a (patch)
tree	b7b6074be11e20dcb5106c8a27f96bcb3fcdf5c2 /lib/libssl/src/crypto/rand/md_rand.c
parent	import OpenSSL 1.0.0e (diff)
download	wireguard-openbsd-c32db552feb5310e2f4b27f02d313cfbf0b82a8a.tar.xz wireguard-openbsd-c32db552feb5310e2f4b27f02d313cfbf0b82a8a.zip