Ben Laurie schrieb:
> Lutz Jaenicke wrote:
>
>> Lutz Jaenicke wrote:
>>
>>> Peter Waltenberg wrote:
>>>
>>>
>>>> Yes, it's desirable that that data is "unknown" however there is a
>>>> compromise possible:
>>>> Complement the area. It'll mean valgrind will only complain at the correct
>>>> place, or possibly not at all, and it's still random. The performance hit
>>>> from doing that will be so small it won't matter.
>>>>
>>>> This annoyed me as well - the big advantage of valgrind is that it doesn't
>>>> require recompilation to work and it's really good if you don't have to
>>>> wade through all the flase alarms before you can find the real problems.
>>>>
>>>>
>>>>
>>> Not being a valgrind user... I do not see that leaving this area
>>> uninitialized will
>>> give us some cryptographically useful amount of entropy so that we could
>>> as well memset it to 0...
>>>
>>>
>> Ok, I have just applied the patch to 0.9.8-stable and 0.9.9-dev.
>>
>
> Oi. Don't do that.
>
>
Why not?
Lutz
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
