On 05/01/17 15:46, Ivo Raisr wrote:

> 2017-01-05 12:54 GMT+01:00 Matthias Apitz <g...@unixarea.de
> <mailto:g...@unixarea.de>>:
>
>     I'm 'valgrinding' a huge client/server application, where the server
>     runs on Linux (SLES 12) and uses SSL (OpenSSL) to communicate with the
>     clients.
>
>     Valgrind is complaining a lot on any SSL function call (some 20.000
>     lines) before the first data is exchanged, i.e. on creating the SSL
>     socket and accepting the connection.
>
>     I know how to suppress such complaints which I can not solve because the
>     full function stack is inside the libssl.so or libcrypto.so
>
>     But, when I read bytes in clear text from the SSL connection the
>     resulting returned 'buf' is invalid too and this goes up the way as
>     invalid into my application layers. See the example below and the
>     resulting valgrind complaints. It does not even help to strncpy(3) the
>     buffer and work with the result. The data in it remains
>     invalid/uninitialized.
>
>     What is the correct way to deal with this?
>
> One of the straightforward ways (workarounds) will be to use a Valgrind
> client request to explicitly set the data buffer as defined.
> See memcheck.h, VALGRIND_MAKE_MEM_DEFINED.

Doing that at the top level is going to be messy though and you probably 
won't get rid of everything.

The underlying problem is likely to be that OpenSSL deliberately mixes 
uninitialised memory into the entropy pool for its random number 
generator which then pollutes everything derived from that.

It's a fairly well known issue, as anybody that remembers the infamous 
Debian incident where the valgrind warnings were "fixed" by stopping it 
mixing in that uninitialised memory (and in the process destroying the 
randomness) will know...

The ideal solution would be to alter OpenSSL to call 
VALGRIND_MAKE_MEM_DEFINED on that uninitialised memory when it adds it to 
the entropy pool so that valgrind thinks it is defined.

Tom

-- 
Tom Hughes (t...@compton.nu)
http://compton.nu/
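
The application-level workaround named in the thread (VALGRIND_MAKE_MEM_DEFINED from memcheck.h), as an added example that is not part of either message. The names `read_fn`, `read_mark_defined`, `fake_conn` and `fake_read` are hypothetical; `fake_read` is a constructed stand-in for `SSL_read` so the block builds without OpenSSL, and the macro falls back to a no-op when the Valgrind headers are not installed.

```c
#include <stddef.h>
#include <string.h>

/* Use the real client request when the Valgrind headers are available. */
#if defined(__has_include)
#  if __has_include(<valgrind/memcheck.h>)
#    include <valgrind/memcheck.h>
#  endif
#endif
#ifndef VALGRIND_MAKE_MEM_DEFINED
#  define VALGRIND_MAKE_MEM_DEFINED(addr, len) ((void)(addr), (void)(len), 0)
#endif

/* Hypothetical callback type with the shape of SSL_read(ssl, buf, num). */
typedef int (*read_fn)(void *conn, void *buf, int len);

/* Hypothetical wrapper: read, then mark only the n bytes actually returned
 * as defined. Bytes past n stay unmarked, so memcheck still reports code
 * that reads beyond what was received. */
int read_mark_defined(read_fn rd, void *conn, void *buf, int len)
{
    int n = rd(conn, buf, len);
    if (n > 0)
        (void)VALGRIND_MAKE_MEM_DEFINED(buf, (size_t)n);
    return n; /* errors and shutdown (n <= 0) pass through untouched */
}

/* Constructed stand-in for a TLS connection holding decrypted bytes. */
struct fake_conn { const char *data; size_t left; };

int fake_read(void *conn, void *buf, int len)
{
    struct fake_conn *c = conn;
    size_t n;
    if (len <= 0)
        return -1;
    n = c->left < (size_t)len ? c->left : (size_t)len;
    memcpy(buf, c->data, n);
    c->data += n;
    c->left -= n;
    return (int)n;
}

int main(void)
{
    struct fake_conn c = { "GET / HTTP/1.1", 14 }; /* constructed sample */
    char buf[64];
    return read_mark_defined(fake_read, &c, buf, (int)sizeof buf) == 14 ? 0 : 1;
}
```

In a real server the wrapper would sit at the single place that calls `SSL_read`, which keeps the marking out of the upper application layers.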

_______________________________________________
Valgrind-users mailing list
Valgrind-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/valgrind-users