VMS stuff I forgot...
[openssl.git] / crypto / rand / md_rand.c
index 810b4c2d4a61a25d4635453fa9ed6ab83e2c5025..88088ce73c3c2629753932e1fc2aa2ee2bbd06c6 100644 (file)
@@ -272,8 +272,16 @@ static void ssleay_rand_add(const void *buf, int num, double add)
                        }
                else
                        MD_Update(&m,&(state[st_idx]),j);
-                       
+
+               /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */
                MD_Update(&m,buf,j);
+               /* We know that line may cause programs such as
+                  purify and valgrind to complain about use of
+                  uninitialized data.  The problem is not, it's
+                  with the caller.  Removing that line will make
+                  sure you get really bad randomness and thereby
+                  other problems such as very insecure keys. */
+
                MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
                MD_Final(&m,local_md);
                md_c[1]++;
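Review bot: The comment added after `MD_Update(&m,buf,j);` has a dropped word ("The problem is not, it's with the caller") and says "that line" from below the call, so someone reading a Purify or Valgrind report may not tie the warning to the right statement. In ssleay_rand_add, `buf` is the data the caller is adding to the pool, so this call is the step that mixes the supplied seed material into the state. I would say that in a single comment placed above the call, for example `/* buf is the caller's seed material; this call mixes it into the pool. If a checker flags uninitialized bytes here, fix the caller, never this line. */`. The enclosing loop starts and ends outside the hunk.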
@@ -466,9 +474,15 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 #endif
                MD_Update(&m,local_md,MD_DIGEST_LENGTH);
                MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
-#ifndef PURIFY
-               MD_Update(&m,buf,j); /* purify complains */
+
+#ifndef PURIFY /* purify complains */
+               /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */
+               MD_Update(&m,buf,j);
+               /* We know that line may cause programs such as
+                  purify and valgrind to complain about use of
+                  uninitialized data.  */
 #endif
+
                k=(st_idx+MD_DIGEST_LENGTH/2)-st_num;
                if (k > 0)
                        {
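Review bot: The "DO NOT REMOVE" banner sits inside `#ifndef PURIFY`, so a build with PURIFY defined does remove the call, and the comment does not say why that is acceptable here but not in ssleay_rand_add. Going by the signature in the hunk header, `buf` here is the output buffer, so its previous contents appear to be an opportunistic extra input rather than the seeding path. The comment should state that difference, for example `/* buf is the output buffer; its old contents are mixed in as a bonus only. PURIFY builds skip this; the MD_Update(&m,buf,j) in ssleay_rand_add must never be skipped. */`. Without it, the next person silencing a checker warning cannot tell the two identical-looking calls apart. The loop body continues outside the hunk.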