[openssl-dev] Proper explicit zeroing in VIA PadLock engine

Michael McConville mmcco at mykolab.com
Mon Apr 4 14:44:09 UTC 2016


Richard Levitte wrote:
> That being said, engines/e_padlock.c has changed quite a bit since, so
> if patching is still needed, it needs to be reworked with somewhat
> more modern code (that libressl patch applies to OpenSSL 0.9.8, which
> is past EOL).

True, but it's still the same one line that needs to be changed.
engines/e_padlock.c:779:

> *(volatile unsigned int *)&buf = 0;

I've never worked with OpenSSL before, but the below is what I was
imagining.


diff --git a/engines/e_padlock.c b/engines/e_padlock.c
index 96e7483..709c4de 100644
--- a/engines/e_padlock.c
+++ b/engines/e_padlock.c
@@ -776,7 +776,8 @@ static int padlock_rand_bytes(unsigned char *output, int count)
         *output++ = (unsigned char)buf;
         count--;
     }
-    *(volatile unsigned int *)&buf = 0;
+
+    OPENSSL_cleanse(&buf, sizeof(buf));
 
     return 1;
 }
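
Review bot: the hunk does not show whether engines/e_padlock.c already includes <openssl/crypto.h>, which declares OPENSSL_cleanse; confirm that before the new call at the end of padlock_rand_bytes, otherwise the call relies on an implicit declaration. The empty `+` line added ahead of the call is unrelated whitespace and can be dropped so the change stays the one-line replacement the message describes. A short commit message explaining why the `*(volatile unsigned int *)&buf = 0;` store is being replaced would also help later readers, since the diff alone does not say what was wrong with it.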

