In message <[email protected]> on Mon, 04 Apr 2016 16:49:42 +0200 (CEST), Richard Levitte <[email protected]> said:
levitte> In message <[email protected]> on Mon, 4 Apr 2016 10:44:09 -0400, Michael McConville <[email protected]> said: levitte> levitte> mmcco> Richard Levitte wrote: levitte> mmcco> > That being said, engines/e_padlock.c has changed quite a bit since, so levitte> mmcco> > if patching is still needed, it needs to be reworked with somewhat levitte> mmcco> > more modern code (that libressl patch applies to OpenSSL 0.9.8, which levitte> mmcco> > is past EOL). levitte> mmcco> levitte> mmcco> True, but it's still the same one line that needs to be changed. levitte> mmcco> engines/e_padlock.c:779: levitte> mmcco> levitte> mmcco> > *(volatile unsigned int *)&buf = 0; levitte> mmcco> levitte> mmcco> I've never worked with OpenSSL before, but the below is what I was levitte> mmcco> imagining. levitte> mmcco> levitte> mmcco> levitte> mmcco> diff --git a/engines/e_padlock.c b/engines/e_padlock.c levitte> mmcco> index 96e7483..709c4de 100644 levitte> mmcco> --- a/engines/e_padlock.c levitte> mmcco> +++ b/engines/e_padlock.c levitte> mmcco> @@ -776,7 +776,8 @@ static int padlock_rand_bytes(unsigned char *output, int count) levitte> mmcco> *output++ = (unsigned char)buf; levitte> mmcco> count--; levitte> mmcco> } levitte> mmcco> - *(volatile unsigned int *)&buf = 0; levitte> mmcco> + levitte> mmcco> + OPENSSL_cleanse(&buf, sizeof(buf)); levitte> mmcco> levitte> mmcco> return 1; levitte> mmcco> } levitte> levitte> That looks good enough, I'll see to it being inserted. And pushed. Thank you! commit 6c13488c4e75ef839bc07a3ce428289aef4bd267 Author: Richard Levitte <[email protected]> Date: Mon Apr 4 16:55:12 2016 +0200 Make sure the rand_byte buffer in padlock engine is cleansed. Submitted by Michael McConville <[email protected]> Reviewed-by: Rich Salz <[email protected]> -- Richard Levitte [email protected] OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
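Review bot: the new `OPENSSL_cleanse(&buf, sizeof(buf));` sits only on the path that falls through to `return 1` at the end of `padlock_rand_bytes`. If the loops above this context (not visible in the hunk) can return early on a failure, the last word read into `buf` would stay on the stack on that path, so please confirm there is no such exit or route it through the same cleanup. A one-line comment noting that `buf` holds random output copied to `output` would record why the plain `*(volatile unsigned int *)&buf = 0;` store was replaced. Using `sizeof(buf)` rather than a hard-coded length is the right call, and it is worth checking that the header declaring `OPENSSL_cleanse` is already included in this file, since the hunk does not touch the includes.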
