I am not really comfortable adding more to this matter, but I think the
behavior of function ssl_rand_bytes() to retrieve entropy from the
'output' buffer is as documented.
Quoting OpenSSL documentation
(http://www.openssl.org/docs/crypto/RAND_bytes.html#DESCRIPTION):
"The contents of buf is mixed into the entropy pool before retrieving
the new pseudo-random bytes unless disabled at compile time"
As one can see, the 'buf' parameter, which in turn is passed to
ssl_rand_bytes(), is both an input and an output parameter.
As such, programs that use RAND_bytes() with uninitialized buffers are
the ones to blame (while one could argue such a procedure is not really
incorrect), not the library itself.
The currently patched ssl_rand_bytes() behavior is incoherent with what is
expected from the available documentation, and the patch should be reverted.
Thank you.
Thiago Martins.