Marek Marcola wrote:
Hello,
Erik Leunissen wrote:
I've run under valgrind an application which has been linked to
libcrypto.a from the openssl0.9.8b release. Valgrind reports some
warnings which all relate to "uninitialized values". I really do not
know whether that's significant, but just in case I attach the valgrind
output from that run.
Please let me know if further particulars are desired because it is
significant.
In case you've done some crypto operations requiring random numbers
(for example rsa with blinding) this is normal as openssl uses some
uninitialized memory as an additional source of randomness. If you build
openssl with -DPURIFY this warning should disappear.
Probably not.
These warnings are (mostly) in the BIGNUM library and they do not depend
on random memory.
I don't think this is true. Although the actual reading of initialized
memory happens somewhere in ssleay_rand_bytes() valgrind reports the
errors/warnings when the uninitialized memory is used for flow control,
memory management or system calls afaik and this will normally happen in
the bignum functions.
Cheers,
Nils
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
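
The behaviour discussed in this thread (undefined bytes are read in one place, but Valgrind only complains where a value derived from them drives a branch) can be reproduced with a small program. This is an added example, not part of the original messages and not OpenSSL code: `mix`, `low_bit_set`, `derive_bit`, the seed `0x5A` and the `zero_first` switch are all hypothetical, and `zero_first` only stands in for the effect of a `-DPURIFY` style build (nothing undefined reaches the pool).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_LEN 16

/* Toy pool update: fold every input byte into a one-byte state.
 * Memcheck does not warn here: copying or combining undefined bytes
 * only propagates their "undefined" shadow bits into the result. */
static unsigned char mix(unsigned char state, const unsigned char *in, size_t n)
{
    for (size_t i = 0; i < n; i++)
        state ^= in[i];
    return state;
}

/* Hypothetical stand-in for a later consumer such as a bignum routine:
 * it makes a decision based on the derived value. This conditional is
 * where Memcheck reports
 * "Conditional jump or move depends on uninitialised value(s)". */
static int low_bit_set(unsigned char v)
{
    if (v & 1)
        return 1;
    return 0;
}

/* zero_first != 0 models the effect of a -DPURIFY style build: the
 * buffer is fully defined before it is mixed in, so nothing undefined
 * reaches the branch. With zero_first == 0 the malloc'd bytes are used
 * as they are, which is what triggers the report. */
int derive_bit(int zero_first)
{
    unsigned char *buf = malloc(BUF_LEN);
    if (buf == NULL)
        return -1;
    if (zero_first)
        memset(buf, 0, BUF_LEN);
    unsigned char state = mix(0x5A, buf, BUF_LEN); /* constructed seed */
    free(buf);
    return low_bit_set(state);
}

int main(void)
{
    printf("defined buffer:   %d\n", derive_bit(1));
    printf("undefined buffer: %d\n", derive_bit(0));
    return 0;
}
```

Built with `-O0 -g` and run under `valgrind --track-origins=yes`, the report points at the branch in `low_bit_set` and names the `malloc` in `derive_bit` as the origin, while the read inside `mix` produces no message.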