Re: valgrind and openssl

Thu, 15 May 2008 13:52:09 -0700 

On Thu, May 15, 2008 at 12:29 PM, Geoff Thorpe <[EMAIL PROTECTED]> wrote:
> I forgot to mention something;
>
>> On Thursday 15 May 2008 12:38:24 John Parker wrote:
>> > >> > It is already possible to use openssl and valgrind - just build
>> > >> > OpenSSL with -DPURIFY, and it is quite clean.
>> >
>> > Actually on my system, just -DPURIFY doesn't satisfy valgrind.  What
>> > I'm asking for is something that both satisfies valgrind and doesn't
>> > reduce the keyspace.
>>
>> If you're using an up-to-date version of openssl when you see this (ie. a
>> recent CVS snapshot from our website, even if it's from a stable branch for
>> compatibility reasons), then please post details. -DPURIFY exists to
>> facilitate debuggers that don't like reading uninitialised data, so if
>> that's not the case then please provide details. Note however that there
>> are a variety of gotchas that allow you to create little leaks if you're
>> not careful, and valgrind could well be complaining about those instead.
>
> Note that you should always build with "no-asm" if you're doing this kind of
> debug analysis. The assembly optimisations are likely to operate at
> granularities and in ways that valgrind could easily complain about. I don't
> know that this is the case, but it would certainly make sense to compare
> before posting a bug report.

I'm still seeing a lot of errors from valgrind, even with the latest snapshot.

    19  15:12   tar xvfz ../openssl-0.9.8-stable-SNAP-20080515.tar.gz
    20  15:12   cd openssl-0.9.8-stable-SNAP-20080515/
    21  15:12   ls
    22  15:12   ./config no-asm -DPURIFY
    23  15:12   make
    24  15:14   valgrind ./apps/openssl genrsa 1024

Please let me know if I'm doing something wrong with this test sequence.

The problems occur on Red Hat 5.1 server x86_64.  For what it's worth,
I don't get errors on (updated :) Ubuntu 7.10.

I do get errors even with Bodo's addition to randfile.c.  I'd be happy
to post the valgrind output if that would be helpful.

-JP
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to