|
From: John R. <jr...@bi...> - 2012-04-20 14:40:58
|
>> ==3898== Memcheck, a memory error detector >> ==3898== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al. >> ==3898== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info >> ==3898== Command: ./mkvariable_key [snip] >> ==3898== Conditional jump or move depends on uninitialised value(s) >> ==3898== at 0x4007697: __GI_strlen (mc_replace_strmem.c:284) >> ==3898== by 0x4884B94D: fputs (in /lib/libc-2.14.1.so) >> ==3898== by 0x80488F8: mk1pkey (in >> /home/achinta/Desktop/Cryp_random_test_DITP/mkvariable_key) What is the ./mkvariable_key executable? Where can anyone else get a copy of its source? The error message means that routine mk1pkey called fputs() with a string that contained at least one uninitialized char. Various cryptography suites are known to "exploit" uninitialized arrays as a source of additional randomness. [By this usage, the program admits that the program itself is not good at randomness. Also, this is an information leak: small, but nevertheless a leak.] Some such programs have a conditional compilation switch which turns on "do not intentionally use uninitialized arrays", in order to make execution "clean" when run under programs such as memcheck(valgrind) which audit memory usage. Examine the source to see if there is such a configuration choice. Activate the choice when building with the intent of running under memcheck(valgrind). -- |