The following patch is needed in order to allow applications such as Valgrind 
to work with "-DPURIFY" versions of openssl:

crypto/rand/randfile.c :
@@ -102,6 +102,14 @@

        if (file == NULL) return(0);

+#ifdef PURIFY
+    /* struct stat has padding and unused fields that may not be
+     * initialized in the call to stat().  We need to clear the entire
+     * structure before calling RAND_add() to avoid complaints from
+     * applications such as Valgrind.
+     */
+    memset(&sb, 0, sizeof(sb));
+#endif
        if (stat(file,&sb) < 0) return(0);
        RAND_add(&sb,sizeof(sb),0.0);
        if (bytes == 0) return(ret);
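
Review bot: The memset() added ahead of stat(file,&sb) is compiled only under #ifdef PURIFY, so a default build still passes whatever stat() left untouched in sb's padding to RAND_add(), and Valgrind run against a non-PURIFY library will keep reporting it. Because the call is RAND_add(&sb,sizeof(sb),0.0), no entropy is credited for these bytes, so clearing sb unconditionally would not change the entropy estimate; if the guard is kept on purpose, the comment should say why. The added lines are also indented less deeply than the surrounding context lines, and it is worth confirming that the file already includes <string.h> for memset(), which this hunk does not show.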

The issue is that struct stat has various padding and unused fields that may 
not be initialized by the stat() call.

I don't have the time necessary to look at all other uses of RAND_add().  
However, it might be a good idea to have someone on the openssl team look at 
each RAND_add() call and determine if any additional memsets are needed with 
the "PURIFY" flag (with an eye towards structures that may not be fully 
initialized).

Sincerely,
Kevin Regan
F5 Networks
