>> > It is already possible to use openssl and valgrind - just build OpenSSL
>> > with -DPURIFY, and it is quite clean.

Actually on my system, just -DPURIFY doesn't satisfy valgrind. What I'm asking for is something that both satisfies valgrind and doesn't reduce the keyspace.

>> > (we do it all the time here with WvStreams and Pathfinder, and it works
>> > like a charm).
>>
>> The problem is that this may reduce the keyspace so that keys are
>> guessable.
>
> No it won't, it removes an "entropy source" whose quality is known to be
> unknown, i.e. it may add nothing useful, it gets used "just in case". Removing
> it does not "reduce the keyspace" at all. All you can say is that leaving it
> there *may* improve the PRNG depending on the user, the environment, the
> application, and quite probably, the alignment of the planets...
>
> The debian patch went further than -DPURIFY, as it removed more than just
> this "unreliable" source, it removed all use of reliable sources as well.
>
>> http://blog.isotoma.com/2008/05/debians_openssl_disaster.html
>
> This blog does not suggest that building with -DPURIFY would be a problem and nor
> should it. I think you may have misunderstood the details of this issue.

I am clearly misunderstanding something. You seem to be saying that -DPURIFY satisfies valgrind but doesn't reduce the keyspace. I'm prepared to take it on faith that -DPURIFY doesn't reduce the keyspace.

-JP
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]