Erik de Castro Lopo wrote:
> So, my question is, is there any reason why Daniel Brahneborg's patch
> from 2003 wasn't applied? For reference, the patch (against 0.9.8c) is
> below.
Sorry, the patch was the wrong direction. The correct patch below. Erik diff -r -u openssl-0.9.8c/crypto/rand/rand_lib.c openssl-0.9.8c-hacked/crypto/rand/rand_lib.c --- openssl-0.9.8c/crypto/rand/rand_lib.c 2003-01-31 04:39:23.000000000 +1100 +++ openssl-0.9.8c-hacked/crypto/rand/rand_lib.c 2007-03-02 12:07:32.000000000 +1100 @@ -154,6 +154,7 @@ int RAND_bytes(unsigned char *buf, int num) { const RAND_METHOD *meth = RAND_get_rand_method(); + memset (buf, 0, num); if (meth && meth->bytes) return meth->bytes(buf,num); return(-1); -- +-----------------------------------------------------------+ Erik de Castro Lopo +-----------------------------------------------------------+ The idea that Bill Gates has appeared like a knight in shining armour to lead all customers out of a mire of technological chaos neatly ignores the fact that it was he who, by peddling second-rate technology, led them into it in the first place. - Douglas Adams in Guardian, 25-Aug-95 ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
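Review bot: the added memset (buf, 0, num) in RAND_bytes runs before any validation, and num is a signed int, so a negative num is converted to a very large size_t and the call writes far past buf; guard it, for example with if (num > 0), or return -1 for num < 0 before touching the buffer. The line also needs a short comment saying why the buffer is cleared: on the return(-1) path (no method, or no bytes callback) the caller is now left with an all-zero buffer that looks initialised, so callers must still check the return value rather than use buf. The hunk does not add an include for string.h, so confirm rand_lib.c already pulls it in, and drop the space in memset ( to match the style of meth->bytes(buf,num).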