From 9ce3ee47ba21fd19859cf2953ee7e951f53e7da7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= <jaenicke@openssl.org>
Date: Thu, 20 Sep 2007 07:39:15 +0000
Subject: [PATCH] Add FAQ entry on how to get rid of Valgrind warnings.

PR: 521
---
 FAQ | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/FAQ b/FAQ
index 74bf952dd..e00651e9c 100644
--- a/FAQ
+++ b/FAQ
@@ -66,6 +66,7 @@ OpenSSL  -  Frequently Asked Questions
 * Why doesn't my server application receive a client certificate?
 * Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
 * I think I've detected a memory leak, is this a bug?
+* Why does Valgrind complain about the use of uninitialized data?
 
 ===============================================================================
 
@@ -894,5 +895,19 @@ thread-safe):
   ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data().
 
 
+* Why does Valgrind complain about the use of uninitialized data?
+
+OpenSSL does internally call its own PRNG routines to retrieve random
+numbers. It so does with uninitialed buffer contents. The buffer
+contents is mixed into the entropy pool so that it technically does
+not matter whether the buffer is initialized at this point or not.
+Valgrind (and other test tools) will complain whatsoever. When
+using Valgrind, make sure to use an OpenSSL library that has been
+compiled with the PEDANTIC macro being defined (-DPEDANTIC) to
+get rid of these warnings. Compling with -DPURIFY will help as well.
+
+The PEDANTIC macro was added in OpenSSL 0.9.8f.
+
+
 ===============================================================================