Peter Waltenberg wrote:
> Yes, it's desirable that that data is "unknown" however there is a
> compromise possible:
> Complement the area. It'll mean valgrind will only complain at the correct
> place, or possibly not at all, and it's still random. The performance hit
> from doing that will be so small it won't matter.
>
> This annoyed me as well - the big advantage of valgrind is that it doesn't
> require recompilation to work and it's really good if you don't have to
> wade through all the flase alarms before you can find the real problems.
>
Not being a valgrind user... I do not see that leaving this area
uninitialized will
give us some cryptographically useful amount of entropy so that we could
as well memset it to 0...
Regards,
Lutz
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
