If the OpenSSL guys want to continue using uninitialised buffers as a source of entropy, it might be worth sprinkling a few calls to VALGRIND_MAKE_MEM_DEFINED() in the appropriate locations. It is a no-op when not running under Valgrind and should be fairly cheap. If the overhead is small enough, it'd be useful to include in release builds on systems that support Valgrind. Not being able to run a memory debugger on critical infrastructure like OpenSSL (or on applications that use it) is a serious problem.
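A sketch of the annotation suggested in the comment above, added here as an example; it is not OpenSSL's code and not the commenter's. `toy_pool`, `toy_pool_init` and `toy_pool_add` are hypothetical names, and the FNV-1a mixer is a stand-in with no cryptographic value. It annotates a scratch copy rather than the caller's buffer, so Memcheck keeps tracking the original as undefined.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Use the real Memcheck client request when the Valgrind headers are
   installed; otherwise compile the annotation away. */
#if defined(__has_include)
#  if __has_include(<valgrind/memcheck.h>)
#    include <valgrind/memcheck.h>
#  endif
#endif
#ifndef VALGRIND_MAKE_MEM_DEFINED
#  define VALGRIND_MAKE_MEM_DEFINED(addr, len) 0
#endif

/* Hypothetical toy pool: FNV-1a mixing, NOT a cryptographic construction. */
typedef struct { uint64_t state; } toy_pool;

static void toy_pool_init(toy_pool *p) { p->state = 0xcbf29ce484222325ULL; }

/* Mix len bytes that may be uninitialised into the pool. */
static void toy_pool_add(toy_pool *p, const void *buf, size_t len)
{
    const unsigned char *src = buf;
    unsigned char scratch[64];

    while (len > 0) {
        size_t n = len < sizeof scratch ? len : sizeof scratch;
        memcpy(scratch, src, n);  /* copying undefined bytes is not an error */
        (void)VALGRIND_MAKE_MEM_DEFINED(scratch, n);  /* mark the copy only */
        for (size_t i = 0; i < n; i++) {
            p->state ^= scratch[i];
            p->state *= 0x100000001b3ULL;
        }
        src += n;
        len -= n;
    }
}

int main(void)
{
    toy_pool pool;
    unsigned char *junk = malloc(100);  /* deliberately never written */
    if (junk == NULL) return 1;
    toy_pool_init(&pool);
    toy_pool_add(&pool, junk, 100);
    /* Without the annotation, Memcheck would flag this use of pool.state. */
    printf("pool state: %016llx\n", (unsigned long long)pool.state);
    free(junk);
    return 0;
}
```

Because only `scratch` is marked defined, any other read of `junk` that influences control flow or output is still reported by Memcheck.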