Re: Thanks to Debian OpenSSL developers



On Thu, May 15, 2008 at 11:38:59PM +0200, Steffen Schulz <pepe@cbg.dyndns.org> wrote:

> - There are published algorithms for good PRNGs, no need to help
>   yourself with adding uninitialized memory and praying the OS does a
>   good job already.

Nothing in OpenSSL has ever *relied* on uninitialized memory.  The
only job expected from the OS is providing something readable, such
as (initially) a bunch of 0x00 bytes.

OpenSSL merely *accepts* uninitialized memory, since it sometimes may
very well contain some information dating back from whatever happened
previously during the program execution that couldn't be predicted by
adversaries, in which case this memory would be a good source of
entropy.  In its internal entropy estimation tally, OpenSSL never
assumes that uninitialized memory contributes anything -- this is just
opportunistic randomness if you will.

This much, by the way, should be very clear to anyone who has read the
OpenSSL PRNG's source code comments ;-)  Anyone who'd look at the
calling code responsible for the Valgrind warning would have found
a comment regarding this peculiar behavior.  An attempt to understand
what is going on locally based on just a single line, however, clearly
is doomed.  But even looking just at the single function would have
shown that the modified version of ssleay_rand_add() doesn't ever
dereference or pass the "buf" pointer; this should strike as odd even
if you don't read any of the comments.

Of course, mistakes can always happen anyway, and to anyone.  The
motto "never fix a bug you don't understand" will only help you out if
you are aware that you don't understand the bug -- not if you think
you understand, but actually misunderstand.

Bodo
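
The distinction drawn in the message above, between accepting extra input without crediting it and an add routine that never reads its buffer, shown as an added sketch that is not part of the original e-mail and is not OpenSSL code. The pool, the function names and the FNV-1a mixer are hypothetical stand-ins, the inputs are constructed, and the assumption that the buffer-ignoring variant still credits entropy is mine.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Toy pool, hypothetical names. FNV-1a is a stand-in mixer, NOT cryptographic. */
struct pool { uint64_t state; double entropy; /* credited estimate, bytes */ };

static void pool_init(struct pool *p) { p->state = 0xcbf29ce484222325ULL; p->entropy = 0.0; }

static void mix(struct pool *p, const unsigned char *b, size_t n)
{
    for (size_t i = 0; i < n; i++) { p->state ^= b[i]; p->state *= 0x100000001b3ULL; }
}

/* Mixes every byte of buf but credits only what the caller claims. */
static void pool_add(struct pool *p, const void *buf, size_t n, double credit)
{ mix(p, buf, n); p->entropy += credit; }

/* Assumed variant that never reads buf: only the length reaches the mixer. */
static void pool_add_ignoring_buf(struct pool *p, const void *buf, size_t n, double credit)
{ (void)buf; mix(p, (const unsigned char *)&n, sizeof n); p->entropy += credit; }

/* Returns 1 if zero-credit data changes the state while the tally stays put. */
int opportunistic_case(void)
{
    struct pool a, b;
    unsigned char seed[16], stale[8] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed */
    memset(seed, 0xA5, sizeof seed);
    pool_init(&a); pool_init(&b);
    pool_add(&a, seed, sizeof seed, 16.0);
    pool_add(&b, seed, sizeof seed, 16.0);
    pool_add(&b, stale, sizeof stale, 0.0); /* accepted, credited nothing */
    return a.state != b.state && a.entropy == b.entropy;
}

/* Returns 1 if different seeds give one state while the tally still claims 16. */
int ignoring_buf_case(void)
{
    struct pool a, b;
    unsigned char s1[16], s2[16];
    memset(s1, 0x11, sizeof s1); memset(s2, 0xEE, sizeof s2); /* constructed */
    pool_init(&a); pool_init(&b);
    pool_add_ignoring_buf(&a, s1, sizeof s1, 16.0);
    pool_add_ignoring_buf(&b, s2, sizeof s2, 16.0);
    return a.state == b.state && a.entropy == 16.0 && b.entropy == 16.0;
}

int main(void) { return !(opportunistic_case() && ignoring_buf_case()); }
```

In the first case the extra bytes can only add unpredictability, because the estimate never counts them. In the second, every caller's seed is discarded and the estimate no longer describes the state.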
