From: Lutz Jänicke <jaenicke@openssl.org>
Date: Thu, 20 Sep 2007 07:39:15 +0000 (+0000)
Subject: Add FAQ entry on how to get rid of Valgrind warnings.
X-Git-Tag: OpenSSL_0_9_8f~23
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9ce3ee47ba21fd19859cf2953ee7e951f53e7da7;p=openssl

Add FAQ entry on how to get rid of Valgrind warnings.

PR: 521
---

diff --git a/FAQ b/FAQ
index 74bf952ddc..e00651e9c5 100644
--- a/FAQ
+++ b/FAQ
@@ -66,6 +66,7 @@ OpenSSL  -  Frequently Asked Questions
 * Why doesn't my server application receive a client certificate?
 * Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
 * I think I've detected a memory leak, is this a bug?
+* Why does Valgrind complain about the use of uninitialized data?
 
 ===============================================================================
 
@@ -894,5 +895,19 @@ thread-safe):
   ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data().
 
 
+* Why does Valgrind complain about the use of uninitialized data?
+
+OpenSSL does internally call its own PRNG routines to retrieve random
+numbers. It so does with uninitialed buffer contents. The buffer
+contents is mixed into the entropy pool so that it technically does
+not matter whether the buffer is initialized at this point or not.
+Valgrind (and other test tools) will complain whatsoever. When
+using Valgrind, make sure to use an OpenSSL library that has been
+compiled with the PEDANTIC macro being defined (-DPEDANTIC) to
+get rid of these warnings. Compling with -DPURIFY will help as well.
+
+The PEDANTIC macro was added in OpenSSL 0.9.8f.
+
+
 ===============================================================================