[axtls-general] Valgrind complaining about uninitialized variable
Brought to you by:
cameronrich
From: Arunkumar D. <dar...@cl...> - 2012-05-22 12:02:57
|
Hi All, I am trying to use axTLS in an embedded system which we regularly run in a simulated mode on Linux and check for any issues using Valgrind. After adding axTLS, we noticed Valgrind complaining about conditional jump depending on unitialized value. I traced the issue to the get_random() function, which uses the inbuilt algorithm. This seems to be copying utmost ENTROPY_POOL_SIZE random data to the requested buffer and uses the remaining uninitialized values in the RC4_crypt() function. I really want to prevent this Valgrind message, so that we have a clean output. I am just wondering if the axTLS code really needs to be fixed to avoid using the uninitialized data in the input buffer as a source of entropy. Is it really a secure practice? I just initialized the remaining of the buffer with 0s before calling the RC4_crypt() function. Will this still ensure good randomness? thanks, arun |