Re: svn commit: r1876937 - /httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
On Fri, Apr 24, 2020 at 9:12 PM Marion & Christophe JAILLET wrote:
>
> On 24/04/2020 at 21:02, Ruediger Pluem wrote:
> >
> > On 4/24/20 7:04 PM, yla...@apache.org wrote:
> >>
> >> +memset(buf, 0, sizeof(buf));
> >
> > I cannot remember the gory details, but I remember a discussion either here
> > or in APR land that these memset calls might be
> > optimized away by a compiler. I only found a quick reference on the
> > Internet to this topic:
> >
> > https://www.cryptologie.net/article/419/zeroing-memory-compiler-optimizations-and-memset_s/
>
> See apr_crypto_memzero in APR trunk at least.

Yeah, I know it well ;)
I thought about it, but wanted to check first whether we could use apr-util easily in mod_ssl..

Since we are in mod_ssl, I finally used OPENSSL_cleanse() in r1876950.

Thanks,
Yann.
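The dead-store concern discussed in this thread, as an added example that is not part of the original messages and is not httpd, APR or OpenSSL source: a wipe routine the optimizer may not drop, applied to a scratch copy of a secret. The names `secure_wipe`, `residue`, `use_key_and_wipe` and `KEY_LEN` are hypothetical, and the key bytes are constructed.

```c
/* Added example: not httpd, APR or OpenSSL source. */
#define __STDC_WANT_LIB_EXT1__ 1
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 48 /* constructed size for the demo */

/* Zero n bytes at p in a way the optimizer may not drop as a dead store. */
static void secure_wipe(void *p, size_t n)
{
#ifdef __STDC_LIB_EXT1__
    memset_s(p, n, 0, n); /* C11 Annex K, where the libc provides it */
#else
    /* The pointer is volatile, so it must be loaded at run time and the
       compiler cannot prove the callee is memset and elide the call. */
    static void *(*const volatile wipe_fn)(void *, int, size_t) = memset;
    wipe_fn(p, 0, n);
#endif
}

/* Count bytes that are still non-zero (used to check the wipe). */
static size_t residue(const unsigned char *p, size_t n)
{
    size_t left = 0;
    for (size_t i = 0; i < n; i++)
        left += (p[i] != 0);
    return left;
}

/* Stand-in for a key setup routine: copy the secret into a scratch
   buffer, use it, wipe the scratch copy before returning. */
static unsigned use_key_and_wipe(const unsigned char *secret,
                                 unsigned char *scratch)
{
    unsigned sum = 0;
    memcpy(scratch, secret, KEY_LEN);
    for (size_t i = 0; i < KEY_LEN; i++)
        sum = sum * 31u + scratch[i];
    secure_wipe(scratch, KEY_LEN);
    return sum;
}

int main(void)
{
    unsigned char secret[KEY_LEN], scratch[KEY_LEN];
    memset(secret, 0xA5, sizeof(secret)); /* constructed key bytes */
    unsigned sum = use_key_and_wipe(secret, scratch);
    printf("sum=%u residue=%zu\n", sum, residue(scratch, sizeof(scratch)));
    return 0;
}
```

Inside mod_ssl the thread settles on `OPENSSL_cleanse()`, which serves the same purpose without a local helper.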
Re: svn commit: r1876937 - /httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
On 24/04/2020 at 21:02, Ruediger Pluem wrote: On 4/24/20 7:04 PM, yla...@apache.org wrote: Author: ylavic Date: Fri Apr 24 17:04:28 2020 New Revision: 1876937 URL: http://svn.apache.org/viewvc?rev=1876937=rev Log: mod_ssl: follow up to r1876934: OSSL_PARAM_construct_*() make no copy. Pass OSSL_PARAM_construct_octet_string() an explicit copy of the MAC key to avoid saving a pointer to stack. While at it, cleanup secret data from buf before leaving. Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=1876937=1876936=1876937=diff == --- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original) +++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Fri Apr 24 17:04:28 2020 @@ -1616,6 +1617,7 @@ static apr_status_t ssl_init_ticket_key( res = SSL_CTX_set_tlsext_ticket_key_evp_cb(mctx->ssl_ctx, ssl_callback_SessionTicket); #endif +memset(buf, 0, sizeof(buf)); I cannot remember the gory details, but I remember a discussion either here or in APR land that these memset calls might be optimized away by a compiler. I only found a quick reference on the Internet to this topic: https://www.cryptologie.net/article/419/zeroing-memory-compiler-optimizations-and-memset_s/ Regards Rüdiger See apr_crypto_memzero in APR trunk at least. CJ
Re: svn commit: r1876937 - /httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
On 4/24/20 7:04 PM, yla...@apache.org wrote: > Author: ylavic > Date: Fri Apr 24 17:04:28 2020 > New Revision: 1876937 > > URL: http://svn.apache.org/viewvc?rev=1876937=rev > Log: > mod_ssl: follow up to r1876934: OSSL_PARAM_construct_*() make no copy. > > Pass OSSL_PARAM_construct_octet_string() an explicit copy of the MAC key > to avoid saving a pointer to stack. > > While at it, cleanup secret data from buf before leaving. > > Modified: > httpd/httpd/trunk/modules/ssl/ssl_engine_init.c > > Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c > URL: > http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=1876937=1876936=1876937=diff > == > --- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original) > +++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Fri Apr 24 17:04:28 2020 > > @@ -1616,6 +1617,7 @@ static apr_status_t ssl_init_ticket_key( > res = SSL_CTX_set_tlsext_ticket_key_evp_cb(mctx->ssl_ctx, > ssl_callback_SessionTicket); > #endif > +memset(buf, 0, sizeof(buf)); I cannot remember the gory details, but I remember a discussion either here or in APR land that these memset calls might be optimized away by a compiler. I only found a quick reference on the Internet to this topic: https://www.cryptologie.net/article/419/zeroing-memory-compiler-optimizations-and-memset_s/ Regards Rüdiger
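Review bot: the `memset(buf, 0, sizeof(buf));` added after the `#endif` in ssl_init_ticket_key() clears a buffer that, going by the log message ("before leaving"), is not read again, so an optimizing compiler is permitted to drop the call as a dead store and leave the ticket key material in memory. Since this file already calls into OpenSSL, `OPENSSL_cleanse(buf, sizeof(buf));` is the safer call at this spot. The log also mentions an explicit copy of the MAC key passed to OSSL_PARAM_construct_octet_string(); that hunk is not shown here, but the copy holds the same secret and its lifetime and cleanup deserve the same check.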