"When OpenSSL's PRNG routines are called to generate random numbers the supplied buffer contents are mixed into the entropy pool: so it technically does not matter whether the buffer is initialized at this point or not. Valgrind (and other test tools) will complain about this. When using Valgrind, make sure the OpenSSL library has been compiled with the PURIFY macro defined (-DPURIFY) to get rid of these warnings." - FAQ
So, "technically speaking", it does nothing. That's fine, then. I wonder what percentage of openssl consists of code that, "technically speaking", does nothing?