|
From: Bobby K. <rd...@kr...> - 2008-03-06 13:43:40
|
Hi!
I posted last week about valgrind and excessive complaints about the
network data that my application receives via SSL.
Many thanks to those who posted suggestions. In particular, Christoph
Bartoschek nailed it.
My problem was caused by a combination of uninitialized data in
libcrypto. Previous posts had suggested to re-compile openssl with
-DPURIFY which helped a bit. Christoph also suggested some code mods
to initialize some data in libcrypto/libssl. They were:
1) In bn_rand.c add at line 141: memset(buf, 0, bytes); =20
buf = (unsigned char *)OPENSSL_malloc(bytes);
if (buf == NULL)
{
BNerr(BN_F_BNRAND,ERR_R_MALLOC_FAILURE);
goto err;
}
memset(buf, 0, bytes);
2) bn_mont.c: Initialize tmod variable declared at line 392
memset(&tmod, 0, sizeof(tmod));
Basically, what I think was happening was that the uninitialized data
was essentially polluting (as far as valgrind is concerned) the data I
received because it was derived from or calculated from the various
uninitialized data down in the bowels of libssl/libcrypto.
Adding -DPURIFY and the above code mods nearly eliminated all of the
warnings.
I also temporarily removed the seeding of the PRNG from my app and
that completed the job of eliminating all unnecessary warnings. Now,
the valgrind warnings that do appear are well deserved.
Thanks,
Bobby
|