Saagar Jha
(replying to Wyatt (🏳️⚧️♀?))
@wyatt8740 Using uninitialized memory as entropy is generally a bad idea. It doesn’t really help and it breaks tools that you would generally want to use to find real bugs. The “fix” was incorrect, of course, but not idiotic. FWIW, the code is gone now: https://github.com/openssl/openssl/commit/75e2c877650444fb829547bdb58d46eb1297bc1a#diff-7540ce8fd73afa23b44db37b090c9aa47f5c361f8f2bb5508be45555e9a1f6bbL191
Wyatt (🏳️⚧️♀?)
(replying to Saagar Jha)
@saagar How does DRBG do it? Also, if you lack the ability to think critically about the warnings a program is giving you when programming in general, I think you're sort of cruising for a bruising. Deep understanding is always better than "waving a chicken at it until the warnings go away," or trusting software to be infallible.
Saagar Jha
(replying to Wyatt (🏳️⚧️♀?))
@wyatt8740 Not an expert, but I think it just uses the ones you’d expect, like system entropy and jitter.