Hi!

I posted last week about valgrind and excessive complaints about the
network data that my application receives.

Many thanks to those who posted suggestions.  In particular, Christoph
Bartoschek nailed it.

My problem was caused by a combination of uninitialized data in
libcrypto.  Previous posts had suggested to re-compile openssl with
-DPURIFY which helped a bit.  Christoph also suggested some code mods
to initialize some data in libcrypto/libssl.  They were:

 1) In bn_rand.c add at line 141:  memset(buf, 0, bytes);

   buf = (unsigned char *)OPENSSL_malloc(bytes);
   if (buf == NULL)
   {
        BNerr(BN_F_BNRAND,ERR_R_MALLOC_FAILURE);
        goto err;
   }
   memset(buf, 0, bytes);

 2) bn_mont.c: Initialize tmod variable declared at line 392
   
    memset(&tmod, 0, sizeof(tmod));

Basically, what I think was happening was that the uninitialized data
was essentially polluting (as far as valgrind is concerned) the data I
received because it was derived from or calculated from the various
uninitialized data down in the bowels of libssl/libcrypto.

Adding -DPURIFY and the above code mods nearly eliminated all of the
warnings.

I also temporarily removed the seeding of the PRNG from my app and
that completed the job of eliminating all unnecessary warnings.  Now,
the valgrind warnings that do appear are deserved.

On the PRNG, when should one seed it?  Before calling
SSL_library_init() or after?  I notice that, in some of the example
programs floating around the net, the PRNG is never explicitly
seeded.

Thanks,

Bobby


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
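
The propagation described in the message above (uninitialized library memory making derived application data look undefined to valgrind), as an added example that is not part of the original post and is not OpenSSL code. The names derive, count_nonzero and demo and the 6-byte record are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a library routine that mixes a freshly
 * allocated scratch buffer into its output. */
static int derive(const unsigned char *in, unsigned char *out, size_t n, int zero)
{
    unsigned char *scratch = malloc(n);
    if (scratch == NULL)
        return -1;
    if (zero)
        memset(scratch, 0, n);       /* same kind of fix as in the post */
    for (size_t i = 0; i < n; i++)
        out[i] = in[i] ^ scratch[i]; /* copying undefined bits is not reported */
    free(scratch);
    return 0;
}

/* Application-side code that branches on the derived bytes. With an
 * unzeroed scratch buffer, memcheck reports its "depends on
 * uninitialised value(s)" error here, not inside derive(). */
static int count_nonzero(const unsigned char *buf, size_t n)
{
    int count = 0;
    for (size_t i = 0; i < n; i++)
        if (buf[i] != 0)
            count++;
    return count;
}

/* Runs a constructed 6-byte record through both steps. */
static int demo(int zero)
{
    static const unsigned char record[6] = {0x17, 0x03, 0x01, 0x00, 0x02, 0x41};
    unsigned char out[sizeof(record)];
    if (derive(record, out, sizeof(record), zero) != 0)
        return -1;
    return count_nonzero(out, sizeof(out));
}

int main(int argc, char **argv)
{
    /* "raw" skips the memset so the warning can be observed under valgrind */
    int zero = !(argc > 1 && strcmp(argv[1], "raw") == 0);
    printf("non-zero bytes: %d\n", demo(zero));
    return 0;
}
```

Built with -g -O0 and run under valgrind with the argument raw, memcheck reports the error at the branch in count_nonzero, which is why the complaints land on the application's own data; without the argument the run is clean.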
