[openssl-dev] Proper explicit zeroing in VIA PadLock engine

Richard Levitte levitte at openssl.org
Mon Apr 4 15:02:33 UTC 2016 

In message <20160404.164942.868027325565615626.levitte at openssl.org> on Mon, 04 Apr 2016 16:49:42 +0200 (CEST), Richard Levitte <levitte at openssl.org> said:

levitte> In message <20160404144408.GA75125 at thinkpad.swarthmore.edu> on Mon, 4 Apr 2016 10:44:09 -0400, Michael McConville <mmcco at mykolab.com> said:
levitte> 
levitte> mmcco> Richard Levitte wrote:
levitte> mmcco> > That being said, engines/e_padlock.c has changed quite a bit since, so
levitte> mmcco> > if patching is still needed, it needs to be reworked with somewhat
levitte> mmcco> > more modern code (that libressl patch applies to OpenSSL 0.9.8, which
levitte> mmcco> > is past EOL).
levitte> mmcco> 
levitte> mmcco> True, but it's still the same one line that needs to be changed.
levitte> mmcco> engines/e_padlock.c:779:
levitte> mmcco> 
levitte> mmcco> > *(volatile unsigned int *)&buf = 0;
levitte> mmcco> 
levitte> mmcco> I've never worked with OpenSSL before, but the below is what I was
levitte> mmcco> imagining.
levitte> mmcco> 
levitte> mmcco> 
levitte> mmcco> diff --git a/engines/e_padlock.c b/engines/e_padlock.c
levitte> mmcco> index 96e7483..709c4de 100644
levitte> mmcco> --- a/engines/e_padlock.c
levitte> mmcco> +++ b/engines/e_padlock.c
levitte> mmcco> @@ -776,7 +776,8 @@ static int padlock_rand_bytes(unsigned char *output, int count)
levitte> mmcco>          *output++ = (unsigned char)buf;
levitte> mmcco>          count--;
levitte> mmcco>      }
levitte> mmcco> -    *(volatile unsigned int *)&buf = 0;
levitte> mmcco> +
levitte> mmcco> +    OPENSSL_cleanse(&buf, sizeof(buf));
levitte> mmcco>  
levitte> mmcco>      return 1;
levitte> mmcco>  }
levitte> 
levitte> That looks good enough, I'll see to it being inserted.

And pushed.  Thank you!

    commit 6c13488c4e75ef839bc07a3ce428289aef4bd267
    Author: Richard Levitte <levitte at openssl.org>
    Date:   Mon Apr 4 16:55:12 2016 +0200
    
        Make sure the rand_byte buffer in padlock engine is cleansed.
        
        Submitted by Michael McConville <mmcco at mykolab.com>
        
        Reviewed-by: Rich Salz <rsalz at openssl.org>

-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/

More information about the openssl-dev mailing list