2

I am using openssl library. I get lot of warning from valgrind like 

==923== Conditional jump or move depends on uninitialised value(s)
==923==    at 0x66614C: ssl3_get_finished (in ./app.out)
==923==    by 0x65FA39: ssl3_connect (in ./app.out)
==923==    by 0x63A9E4: ossl_connect_common (in ./app.out)
==923==    by 0x63C054: Curl_ossl_connect (in ./app.out)
==923==    by 0x625DA6: Curl_ssl_connect (in ./app.out)
==923==    by 0x62B2BF: Curl_http_connect (in ./app.out)
==923==    by 0x6372ED: Curl_protocol_connect (in ./app.out)
==923==    by 0x637599: Curl_setup_conn (in ./app.out)
==923==    by 0x637643: Curl_connect (in ./app.out)
==923==    by 0x640A70: Curl_do_perform (in ./app.out)

==923== 
==923== Syscall param write(buf) points to uninitialised byte(s)
==923==    at 0x507ECCD: ??? (syscall-template.S:82)
==923==    by 0x6859EC: sock_write (in ./app.out)
==923==    by 0x583A86: BIO_write (in ./app.out)
==923==    by 0x6640AF: ssl3_write_pending (in ./app.out)
==923==    by 0x664734: ssl3_write_bytes (in ./app.out)
==923==    by 0x63891D: ossl_send (in ./app.out)
==923==    by 0x62F4B1: Curl_write (in ./app.out)
==923==    by 0x62BFF5: Curl_add_buffer_send (in ./app.out)
==923==    by 0x62DE8F: Curl_http (in ./app.out)
==923==    by 0x6378AA: Curl_do (in ./app.out)
==923==    by 0x640AE8: Curl_do_perform (in ./app.out)

==923==  Address 0xa2262ca is 490 bytes inside a block of size 17,584 alloc'd
==923==    at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==923==    by 0x581B93: CRYPTO_malloc (in ./app.out)
==923==    by 0x666B6F: ssl3_setup_write_buffer (in ./app.out)
==923==    by 0x666BD6: ssl3_setup_buffers (in ./app.out)
==923==    by 0x666E63: ssl23_connect (in ./app.out)
==923==    by 0x63A9E4: ossl_connect_common (in ./app.out)
==923==    by 0x63C054: Curl_ossl_connect (in ./app.out)
==923==    by 0x625DA6: Curl_ssl_connect (in ./app.out)
==923==    by 0x62B2BF: Curl_http_connect (in ./app.out)
==923==    by 0x6372ED: Curl_protocol_connect (in ./app.out)
==923==    by 0x637599: Curl_setup_conn (in ./app.out)
==923==    by 0x637643: Curl_connect (in ./app.out)
==923==

Is there a way I can suppress this warning from valgrind?

ks1322
  • 33,961
  • 14
  • 109
  • 164
Vivek Goel
  • 22,942
  • 29
  • 114
  • 186
  • 1
    If you can rebuild openssl, you can use -DPURIFY to get rid of these warnings, see openssl [FAQ](http://www.openssl.org/support/faq.html#PROG14). – ks1322 Oct 27 '12 at 07:21
  • @ks1322 So does I need compile with -DPURIFY only valgrind or there is no problem using that destination library in release build. – Vivek Goel Oct 27 '12 at 09:35
  • Yes, openssl uses uninitialized buffers for generating random numbers, which is ok and this is what about Valgrind complains. -DPURIFY should be used only for debugging, for example not to miss other Valgrind warnings. – ks1322 Oct 27 '12 at 12:30
  • [This blog post](http://www.hardening-consulting.com/en/posts/20140512openssl-and-valgrind.html) explains how to do it by using Valgrind's API, but I haven't tested it myself – aviggiano Aug 04 '17 at 15:11

0 Answers0