On 28/03/2012 4:56 PM, Igmar Palsenberg wrote:
......I could get rid of all these if I could tell Valgrind to ignore
any value created by RAND_load_file. Is there such a capability?
==00:00:00:17.356 30844== Conditional jump or move depends on
uninitialised value(s)
==00:00:00:17.356 30844== at 0x423F92B: SHA1_Final (in
/lib/i686/cmov/libcrypto.so.0.9.8)
==00:00:00:17.356 30844== by 0x418BA02: ??? (in
/usr/lib/libcurl.so.4.1.1)
==00:00:00:17.356 30844== Uninitialised value was created by a stack
allocation
==00:00:00:17.356 30844== at 0x42A2956: RAND_load_file (in
/lib/i686/cmov/libcrypto.so.0.9.8)
This was / is caused by the RNG using uninitialized bytes for it's
RNG. There was an article on slashdot a while ago, when the Debian guys
issues a patch to initialize the values (due to a valgrind report).
Result : Insecure SSH keys. See
http://wiki.debian.org/SSLkeys#End_User_Summary for more information.
My advice : Write a suppression for this.
Igmar
Thanks for the link - I'm aware of PRNG debian "solution" and debates
around valgrind/openssl.
>> Write a suppression for this.
That's my question - how? Or rather - can I write a suppression that
doesn't include the stack but just says ignore the error for any value
created in RAND_load_file? My impression is I can't.
------------------------------------------------------------------------------
This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here
http://p.sf.net/sfu/sfd2d-msazure
_______________________________________________
Valgrind-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/valgrind-users
