* Nicolas Rachinsky: > The diffs > http://svn.debian.org/viewsvn/pkg-openssl/openssl/trunk/rand/md_rand.c?rev=141&view=diff&r1=141&r2=140&p1=openssl/trunk/rand/md_rand.c&p2=/openssl/trunk/rand/md_rand.c > and > http://svn.debian.org/viewsvn/pkg-openssl/openssl/trunk/crypto/rand/md_rand.c?rev=300&view=diff&r1=300&r2=299&p1=openssl/trunk/crypto/rand/md_rand.c&p2=/openssl/trunk/crypto/rand/md_rand.c > (I got them from http://www.links.org/?p=327) suggest, that only half > of the problem was fixed. Is this correct?
No, the other hunk is benign. It mixes data from the target buffer of RAND_bytes into the pool, and this is completely optional (because it's not guaranteed that this data is random anyway). -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
