On 28.03.2012 08:46, Bruce Cartland wrote: > On 28/03/2012 4:56 PM, Igmar Palsenberg wrote: >> >>> ......I could get rid of all these if I could tell Valgrind to >>> ignore any value created by RAND_load_file. Is there such a capability? >>> >>> ==00:00:00:17.356 30844== Conditional jump or move depends on >>> uninitialised value(s) >>> ==00:00:00:17.356 30844== at 0x423F92B: SHA1_Final (in >>> /lib/i686/cmov/libcrypto.so.0.9.8) >>> ==00:00:00:17.356 30844== by 0x418BA02: ??? (in >>> /usr/lib/libcurl.so.4.1.1) >>> ==00:00:00:17.356 30844== Uninitialised value was created by a >>> stack allocation >>> ==00:00:00:17.356 30844== at 0x42A2956: RAND_load_file (in >>> /lib/i686/cmov/libcrypto.so.0.9.8) >>> >> This was / is caused by the RNG using uninitialized bytes for it's >> RNG. There was an article on slashdot a while ago, when the Debian guys >> issues a patch to initialize the values (due to a valgrind report). >> Result : Insecure SSH keys. See >> http://wiki.debian.org/SSLkeys#End_User_Summary for more information. >> >> My advice : Write a suppression for this. >> >> >> >> Igmar > Thanks for the link - I'm aware of PRNG debian "solution" and debates > around valgrind/openssl. > > >> Write a suppression for this. > > That's my question - how? Or rather - can I write a suppression that > doesn't include the stack but just says ignore the error for any value > created in RAND_load_file? My impression is I can't. > Maybe it is possible (without looking at the code) to just change that method to set the variable to defined using VALGRIND_MAKE_MEM_DEFINED.
Matthias ------------------------------------------------------------------------------ This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure _______________________________________________ Valgrind-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/valgrind-users
