In message <[email protected]> on Mon, 4 Apr 2016 10:44:09 -0400, Michael McConville <[email protected]> said:
mmcco> Richard Levitte wrote:
mmcco> > That being said, engines/e_padlock.c has changed quite a bit since, so
mmcco> > if patching is still needed, it needs to be reworked with somewhat
mmcco> > more modern code (that libressl patch applies to OpenSSL 0.9.8, which
mmcco> > is past EOL).
mmcco>
mmcco> True, but it's still the same one line that needs to be changed.
mmcco> engines/e_padlock.c:779:
mmcco>
mmcco> > *(volatile unsigned int *)&buf = 0;
mmcco>
mmcco> I've never worked with OpenSSL before, but the below is what I was
mmcco> imagining.
mmcco>
mmcco>
mmcco> diff --git a/engines/e_padlock.c b/engines/e_padlock.c mmcco> index 96e7483..709c4de 100644 mmcco> --- a/engines/e_padlock.c mmcco> +++ b/engines/e_padlock.c mmcco> @@ -776,7 +776,8 @@ static int padlock_rand_bytes(unsigned char *output, int count) mmcco> *output++ = (unsigned char)buf; mmcco> count--; mmcco> } mmcco> - *(volatile unsigned int *)&buf = 0; mmcco> + mmcco> + OPENSSL_cleanse(&buf, sizeof(buf)); mmcco> mmcco> return 1; mmcco> }

That looks good enough, I'll see to it being inserted.

Cheers,
Richard

--
Richard Levitte [email protected]
OpenSSL Project http://www.openssl.org/~levitte/
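Review bot: The OPENSSL_cleanse(&buf, sizeof(buf)) call sits only on the path that falls through to return 1 at the end of padlock_rand_bytes, so any earlier return in the function, which this hunk does not show, would still leave buf uncleared; worth checking the rest of the function and cleansing on those exits as well if they exist. The bare + line above the call is a whitespace-only addition and can be dropped so the change stays the one-line replacement described in the message. A short note in the commit message on why the volatile store is being replaced would also help, since the hunk by itself does not say.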
