Hi! I posted last week about valgrind and excessive complaints about the network data that my application receives.
Many thanks to those who posted suggestions. In particular, Christoph Bartoschek nailed it. My problem was caused by a combination of uninitialized data in libcrypto. Previous posts had suggested to re-compile openssl with -DPURIFY which helped a bit. Christoph also suggested some code mods to initialize some data in libcrypto/libssl. They were: 1) In bn_rand.c add at line 141: memset(buf, 0, bytes); =20 buf = (unsigned char *)OPENSSL_malloc(bytes); if (buf == NULL) { BNerr(BN_F_BNRAND,ERR_R_MALLOC_FAILURE); goto err; } memset(buf, 0, bytes); 2) bn_mont.c: Initialize tmod variable declared at line 392 memset(&tmod, 0, sizeof(tmod)); Basically, what I think was happening was that the uninitialized data was essentially polluting (as far as valgrind is concerned) the data I received because it was derived from or calculated from the various uninitialized data down in the bowels of libssl/libcrypto. Adding -DPURIFY and the above code mods nearly eliminated all of the warnings. I also temporarily removed the seeding of the PRNG from my app and that completed the job of eliminating all unnecessary warnings. Now, the valgrind warnings that do appear are deserved. On the PRNG, when should one seed it? Before calling SSL_library_init() or after? I notice that, in some of the example programs floating around the net, the PRNG is never explicitly seeded. Thanks, Bobby ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]