On Thursday 15 May 2008 12:38:24 John Parker wrote:
> >> > It is already possible to use openssl and valgrind - just build
> >> > OpenSSL with -DPURIFY, and it is quite clean.
>
> Actually on my system, just -DPURIFY doesn't satisfy valgrind. What
> I'm asking for is something that both satisfies valgrind and doesn't
> reduce the keyspace.

If you're using an up-to-date version of openssl when you see this (i.e. a recent CVS snapshot from our website, even if it's from a stable branch for compatibility reasons), then please post details. -DPURIFY exists to facilitate debuggers that don't like reading uninitialised data, so if that's not the case then please provide details. Note however that there are a variety of gotchas that allow you to create little leaks if you're not careful, and valgrind could well be complaining about those instead.

> > This blog does not suggest that building with -DPURIFY would be a problem
> > and nor should it. I think you may have misunderstood the details of this
> > issue.
>
> I am clearly misunderstanding something. You seem to be saying that
> -DPURIFY satisfies valgrind but doesn't reduce the keyspace. I'm
> prepared to take it on faith that -DPURIFY doesn't reduce the
> keyspace.

Well, more generally than some "keyspace" is the randomness of the PRNG itself. (Your keys are only random if the PRNG's output is random.) But yes, I'm saying that -DPURIFY does not diminish the quality of the PRNG, except *possibly* by some unquantifiable amount that you couldn't safely depend on anyway.

As for your other mail;

On Thursday 15 May 2008 12:09:46 John Parker wrote:
> > All of this is independent of proper entropy seeding to the PRNG, which
> > is what the debian patch crushed and which in turn led to the high
> > seismic reading in the blogosphere. But it may help explain why I do
> > *not* want us to unilaterally remove the use of uninitialised data in the
> > PRNG. That seems to be motivated by a capitulation to the weight of users
> > (or packagers) who don't know how to read the FAQ. Perhaps what we should
> > do instead is
>
> I think we should be less worried how things "seem" and more worried
> about the practical consequences.

That is more or less what I was doing. I hope that was clear.

> > change -DPURIFY to -DNO_UNINIT_DATA or something else which has a clearer
> > intention, so that debug packages (or even base packages that want to be
> > valgrind-friendly) have a straightforward mechanism to apply. Well, a
> > straightforward mechanism that doesn't kill the PRNG outright, I mean
> > (otherwise there is already a highly-publicised patch we could apply...)
>
> What I was hoping for was a -DNO_UNINIT_DATA that wouldn't be the
> default, but wouldn't reduce the keyspace either.

I believe this has been answered. For now, it's called -DPURIFY.

> Can someone provide a pointer to this highly-publicized patch? I'm
> afraid I'm dreadfully ignorant of the blogosphere.

You started this mail thread, so you go and find it! :-) The patch I was referring to, tongue-in-cheek, is the debian patch that crippled the PRNG. As for the blogosphere, you aren't missing much, I'd recommend that continued "ignorance" would be far from dreadful - in fact I intend to join you in that respect, once this was-it-debian's-fault-or-openssl's-fault nonsense has died down a bit.

Cheers,
Geoff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]