Hello, I have been doing some looking at openssl 0.9.7 and openssh3.5p1 and found a minor descrepancy. RAND_bytes() is called around line 69 of openbsd-compat/bsd-arc4random.c. It checks to see if the return is not zero. The RAND_bytes function can also return -1, too. All the code in openssl uses <=0 for the test rather than !. Best Regards, Steve Grubb __________________________________________________ Do you Yahoo!? Yahoo! Web Hosting - establish your business online webhosting.yahoo.com
Steve G wrote:> Hello, > > I have been doing some looking at openssl 0.9.7 and > openssh3.5p1 and found a minor descrepancy. RAND_bytes() is > called around line 69 of openbsd-compat/bsd-arc4random.c. > It checks to see if the return is not zero. The RAND_bytes > function can also return -1, too. All the code in openssl > uses <=0 for the test rather than !.Fixed, thanks -d