re: http://www.mail-archive.com/openssl-dev@openssl.org/msg24270.html
I don't quite approve of the established openssl tradition of using
uninitialized memory for entropy, but I wanted to point out that if
you want to do that, and you want valgrind to understand that those
bits count as
Kyle Hamilton wrote:
Debian c suffered from simply removing all calls to seed the random
number generator with enough entropy to make it secure.
When it comes to entropy, every little bit helps. The calls to add
uninitialized static variable locations are never relied upon to seed
the PRNG
Dear,
Please find attached a patch which makes valgrind and friends happy.
Some changes had been done in md_rand.c which broke the purpose of
PURIFY. Needless to say that the define PURIFY is *not* for production
system...
Best Regards,
Frederic Heem
Leave everything as all zero's; that will make it real obvious not to use
this in production code.
#ifdef PURIFY
memset(buf, 0, num);
memset(md_c, 0, sizeof md_c);
memset(local_md, 0, sizeof local_md);
#endif
--
STSM, DataPower Chief Programmer
WebSphere
On Thu, Jul 17, 2008 at 7:07 PM, Frederic Heem [EMAIL PROTECTED] wrote:
Please find attached a patch which makes valgrind and friends happy. Some
changes had been done in md_rand.c which broke the purpose of PURIFY.
Needless to say that the define PURIFY is *not* for production system...
On Friday 18 July 2008 10:57:50 Bodo Moeller wrote:
On Thu, Jul 17, 2008 at 7:07 PM, Frederic Heem [EMAIL PROTECTED]
wrote:
Please find attached a patch which makes valgrind and friends happy. Some
changes had been done in md_rand.c which broke the purpose of PURIFY.
Needless to say that
On Fri, Jul 18, 2008 at 6:00 PM, Geoff Thorpe [EMAIL PROTECTED] wrote:
On Friday 18 July 2008 10:57:50 Bodo Moeller wrote:
On Thu, Jul 17, 2008 at 7:07 PM, Frederic Heem [EMAIL PROTECTED] wrote:
Please find attached a patch which makes valgrind and friends happy. Some
changes had been done
Hi,
The previous patch didn't fully work due a mysterious valgrind issue
(something related to loading libssl multiple time through dl_open).
This patch is simply what has Robert suggested.
By the way, can someone explain me why some uninitialized static
variables are used create a random
Debian c suffered from simply removing all calls to seed the random
number generator with enough entropy to make it secure.
When it comes to entropy, every little bit helps. The calls to add
uninitialized static variable locations are never relied upon to seed
the PRNG with enough entropy, but
Agreed, though where possible it's preferable for PURIFY-handling
to simply
not use the uninitialised data at all, rather than initialising it before
use. (NB, I know this yields the same quality result, but
appearances in the
code are often as important as the outcome of the executable -
10 matches
Mail list logo
