From 7bbce69721077ad1f17a0b428b4f8f76bdf829e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lutz=20J=C3=A4nicke?=
Date: Mon, 24 Sep 2007 11:01:18 +0000
Subject: [PATCH] Port from 0.9.8-stable
---
 FAQ | 11 +++++++++++
 crypto/rand/rand_lib.c | 2 --
 doc/crypto/RAND_bytes.pod | 3 +++
 3 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/FAQ b/FAQ
index 1a66b1835..49db5d49c 100644
--- a/FAQ
+++ b/FAQ
@@ -67,6 +67,7 @@ OpenSSL - Frequently Asked Questions
 * Why doesn't my server application receive a client certificate?
 * Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
 * I think I've detected a memory leak, is this a bug?
+* Why does Valgrind complain about the use of uninitialized data?
 * Why doesn't a memory BIO work when a file does?
 
 ===============================================================================
@@ -917,6 +918,16 @@ thread-safe):
 ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data().
 
+* Why does Valgrind complain about the use of uninitialized data?
+
+When OpenSSL's PRNG routines are called to generate random numbers the supplied
+buffer contents are mixed into the entropy pool: so it technically does not
+matter whether the buffer is initialized at this point or not. Valgrind (and
+other test tools) will complain about this. When using Valgrind, make sure the
+OpenSSL library has been compiled with the PURIFY macro defined (-DPURIFY)
+to get rid of these warnings.
+
+
 * Why doesn't a memory BIO work when a file does?
 
 This can occur in several cases for example reading an S/MIME email message.
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index adfec83b7..513e33898 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -154,7 +154,6 @@ void RAND_add(const void *buf, int num, double entropy)
 int RAND_bytes(unsigned char *buf, int num)
 {
 const RAND_METHOD *meth = RAND_get_rand_method();
- memset(buf, 0, num);
 if (meth && meth->bytes)
 return meth->bytes(buf,num);
 return(-1);
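Review bot: Dropping the `memset` leaves the contents of `buf` undefined on every failure path of RAND_bytes() (no method installed, or meth->bytes returning 0 or -1), where the old code at least handed back zeros; a caller that ignores the return value now consumes whatever the buffer held before the call, which may be uninitialized memory. The same applies to RAND_pseudo_bytes() in the next hunk. The change is deliberate given the FAQ entry in this commit, so the contract belongs next to the code and not only in the FAQ: `/* buf is not cleared: its prior contents feed the pool and are left as-is on failure, so check the return value before using buf */`. Also `num` is a signed int passed straight through to the method; a cheap guard such as `if (num < 0) return -1;` ahead of the call would stop a negative length from reaching meth->bytes. RAND_bytes's closing brace lies outside the hunk.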
@@ -163,7 +162,6 @@ int RAND_bytes(unsigned char *buf, int num)
 int RAND_pseudo_bytes(unsigned char *buf, int num)
 {
 const RAND_METHOD *meth = RAND_get_rand_method();
- memset(buf, 0, num);
 if (meth && meth->pseudorand)
 return meth->pseudorand(buf,num);
 return(-1);
diff --git a/doc/crypto/RAND_bytes.pod b/doc/crypto/RAND_bytes.pod
index ce6329ce5..1a9b91e28 100644
--- a/doc/crypto/RAND_bytes.pod
+++ b/doc/crypto/RAND_bytes.pod
@@ -25,6 +25,9 @@ unpredictable. They can be used for non-cryptographic purposes and for certain purposes in cryptographic protocols, but usually not for key generation etc.
 
+The contents of B is mixed into the entropy pool before retrieving
+the new pseudo-random bytes unless disabled at compile time (see FAQ).
+
 =head1 RETURN VALUES
 
 RAND_bytes() returns 1 on success, 0 otherwise. The error code can be