The OpenSSL FAQ says that with a -DPURIFY build no messages about uninitialized data should appear:
https://www.openssl.org/support/faq.html#PROG14 "14. Why does Valgrind complain about the use of uninitialized data? When OpenSSL's PRNG routines are called to generate random numbers the supplied buffer contents are mixed into the entropy pool: so it technically does not matter whether the buffer is initialized at this point or not. Valgrind (and other test tools) will complain about this. When using Valgrind, make sure the OpenSSL library has been compiled with the PURIFY macro defined (-DPURIFY) to get rid of these warnings." The following test was done with Git commit id 802fdcda1ebc4241a8e02af0046ba2f5264f71f6 from the OpenSSL_1_0_2-stable branch on Linux Intel 64-bit. I added the following line to the "Configure" script (I want to compile with -DPURIFY, but without actually running the compiler under the "purify" command): "mypurify", "gcc:-g -DPURIFY -Wall::(unknown)::::::", Executed the following commands: $ ./Configure mypurify no-dso no-shared no-asm $ make depend $ make clean $ make $ make test Go to the "test" directory and execute the "ecdsatest" executable under valgrind: $ cd test $ valgrind ./ecdsatest ==31925== Memcheck, a memory error detector ==31925== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al. ==31925== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info ==31925== Command: ./ecdsatest ==31925== some tests from X9.62: testing prime192v1: .... ok testing prime239v1: ....==31925== Use of uninitialised value of size 8 ==31925== at 0x459E40: bn_GF2m_mul_1x1 (bn_gf2m.c:145) ==31925== by 0x45A030: bn_GF2m_mul_2x2 (bn_gf2m.c:215) ==31925== by 0x45A99A: BN_GF2m_mod_mul_arr (bn_gf2m.c:417) ==31925== by 0x438959: ec_GF2m_simple_field_mul (ec2_smpl.c:702) ==31925== by 0x438BC3: gf2m_Madd (ec2_mult.c:128) ==31925== by 0x439391: ec_GF2m_montgomery_point_multiply (ec2_mult.c:284) ==31925== by 0x439616: ec_GF2m_simple_mul (ec2_mult.c:355) ==31925== by 0x419B9D: EC_POINTs_mul (ec_lib.c:1057) ==31925== by 0x419C2C: EC_POINT_mul (ec_lib.c:1071) ==31925== by 0x41C9A9: EC_KEY_generate_key (ec_key.c:284) ==31925== by 0x401B32: x9_62_test_internal (ecdsatest.c:202) ==31925== by 0x401DF5: x9_62_tests (ecdsatest.c:266) ==31925== ==31925== Use of uninitialised value of size 8 ==31925== at 0x459E58: bn_GF2m_mul_1x1 (bn_gf2m.c:146) ==31925== by 0x45A030: bn_GF2m_mul_2x2 (bn_gf2m.c:215) ==31925== by 0x45A99A: BN_GF2m_mod_mul_arr (bn_gf2m.c:417) ==31925== by 0x438959: ec_GF2m_simple_field_mul (ec2_smpl.c:702) ==31925== by 0x438BC3: gf2m_Madd (ec2_mult.c:128) ==31925== by 0x439391: ec_GF2m_montgomery_point_multiply (ec2_mult.c:284) ==31925== by 0x439616: ec_GF2m_simple_mul (ec2_mult.c:355) ==31925== by 0x419B9D: EC_POINTs_mul (ec_lib.c:1057) ==31925== by 0x419C2C: EC_POINT_mul (ec_lib.c:1071) ==31925== by 0x41C9A9: EC_KEY_generate_key (ec_key.c:284) ==31925== by 0x401B32: x9_62_test_internal (ecdsatest.c:202) ==31925== by 0x401DF5: x9_62_tests (ecdsatest.c:266) ... and so on... The full report is to big to include it inline, I add it as a compressed attachment. -- Stephan
ecdsatest.valgrind.txt.gz
Description: GNU Zip compressed data