Dr. Stephen Henson wrote:

> On Mon, Jun 14, 2010, Nicholas Maniscalco wrote:
>
> >>> #ifndef PURIFY /* purify complains */
> >>>     /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */
> >>>     if (!MD_Update(&m,buf,j))
> >>>         goto err;
> >>>     /* We know that line may cause programs such as
> >>>        purify and valgrind to complain about use of
> >>>        uninitialized data. */
> >>> #endif

> I think that extra comment within the #ifndef PURIFY was added in
> error. That call just uses the (possibly uninitialised) buffer passed
> into ssleay_rand_bytes() as a very minor source of entropy and is not
> part of PURIFY builds with no ill effects other than removing that
> minor source of entropy.

I don't think the comment was added in error, just that it's a bit misleading. The purpose of the comment is to indicate that the decision to add uninitialized data to the pool was intentional and that this line reflects an intentional design decision. (And a correct one, IMO.)

If the code is not 100% reliable without this line, then that's a bug in OpenSSL. However, I am quite convinced that it is, for all practical purposes, equally secure with or without this line of code. The code simply makes a different trade-off with PURIFY defined than without it. Both trade-offs are, IMO, appropriate for their respective conditions.

OpenSSL with PURIFY defined is perfectly suitable for production use.

DS
