-rw-r--r--FAQ11
-rw-r--r--crypto/rand/rand_lib.c2
-rw-r--r--doc/crypto/RAND_bytes.pod3
3 files changed, 14 insertions, 2 deletions
diff --git a/FAQ b/FAQ
index 1a66b18359..49db5d49cc 100644
--- a/FAQ
+++ b/FAQ
@@ -67,6 +67,7 @@ OpenSSL - Frequently Asked Questions
* Why doesn't my server application receive a client certificate?
* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
* I think I've detected a memory leak, is this a bug?
+* Why does Valgrind complain about the use of uninitialized data?
* Why doesn't a memory BIO work when a file does?
===============================================================================
@@ -917,6 +918,16 @@ thread-safe):
ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data().
+* Why does Valgrind complain about the use of uninitialized data?
+
+When OpenSSL's PRNG routines are called to generate random numbers the supplied
+buffer contents are mixed into the entropy pool: so it technically does not
+matter whether the buffer is initialized at this point or not. Valgrind (and
+other test tools) will complain about this. When using Valgrind, make sure the
+OpenSSL library has been compiled with the PURIFY macro defined (-DPURIFY)
+to get rid of these warnings.
+
+
* Why doesn't a memory BIO work when a file does?
This can occur in several cases for example reading an S/MIME email message.
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index adfec83b7b..513e338985 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -154,7 +154,6 @@ void RAND_add(const void *buf, int num, double entropy)
int RAND_bytes(unsigned char *buf, int num)
{
const RAND_METHOD *meth = RAND_get_rand_method();
- memset(buf, 0, num);
if (meth && meth->bytes)
return meth->bytes(buf,num);
return(-1);
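Review bot: With the memset gone, every failure path in RAND_bytes — the `return(-1)` when no method or no `bytes` callback is installed, and any non-success return from `meth->bytes` — now leaves `buf` holding whatever the caller had there, possibly uninitialized stack memory, where it was previously at least zeroed. A caller that does not check the return value will consume that content as if it were fresh random output, and nothing in the wrapper signals the difference. This should be stated where callers will read it, e.g. a comment above the `if`: `/* buf is deliberately not cleared: the method may mix its current contents into the pool. On failure buf is left untouched and contains no random data -- check the return value. */`. The function's closing brace lies past the end of the hunk.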
@@ -163,7 +162,6 @@ int RAND_bytes(unsigned char *buf, int num)
int RAND_pseudo_bytes(unsigned char *buf, int num)
{
const RAND_METHOD *meth = RAND_get_rand_method();
- memset(buf, 0, num);
if (meth && meth->pseudorand)
return meth->pseudorand(buf,num);
return(-1);
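Review bot: After this change RAND_pseudo_bytes itself never touches `buf`, so the behaviour the pod now documents — the buffer's contents being mixed into the entropy pool — is entirely a property of whichever `pseudorand` callback RAND_get_rand_method() returns, and presumably only of the default method; a replacement RAND_METHOD may neither read nor mix the existing contents, and the PURIFY build switch mentioned in the FAQ is not visible in this file at all. A comment here would keep the wrapper honest about what it guarantees: `/* This wrapper does not read or clear buf; whether its existing contents are mixed into the pool is decided by meth->pseudorand (see FAQ for the default method). */`. The function's closing brace lies past the end of the hunk.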
diff --git a/doc/crypto/RAND_bytes.pod b/doc/crypto/RAND_bytes.pod
index ce6329ce54..1a9b91e281 100644
--- a/doc/crypto/RAND_bytes.pod
+++ b/doc/crypto/RAND_bytes.pod
@@ -25,6 +25,9 @@ unpredictable. They can be used for non-cryptographic purposes and for
certain purposes in cryptographic protocols, but usually not for key
generation etc.
+The contents of B<buf> is mixed into the entropy pool before retrieving
+the new pseudo-random bytes unless disabled at compile time (see FAQ).
+
=head1 RETURN VALUES
RAND_bytes() returns 1 on success, 0 otherwise. The error code can be