On 4/24/20 7:04 PM, ylavic@apache.org wrote:
> Author: ylavic
> Date: Fri Apr 24 17:04:28 2020
> New Revision: 1876937
>
> URL: http://svn.apache.org/viewvc?rev=1876937&view=rev
> Log:
> mod_ssl: follow up to r1876934: OSSL_PARAM_construct_*() make no copy.
>
> Pass OSSL_PARAM_construct_octet_string() an explicit copy of the MAC key
> to avoid saving a pointer to stack.
>
> While at it, cleanup secret data from buf before leaving.
>
> Modified:
> httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
>
> Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=1876937&r1=1876936&r2=1876937&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original)
> +++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Fri Apr 24 17:04:28 2020
>
> @@ -1616,6 +1617,7 @@ static apr_status_t ssl_init_ticket_key(
> res = SSL_CTX_set_tlsext_ticket_key_evp_cb(mctx->ssl_ctx,
> ssl_callback_SessionTicket);
> #endif
> + memset(buf, 0, sizeof(buf));
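Review bot: the added memset(buf, 0, sizeof(buf)) is, per the log message, the last thing done to buf before leaving, so an optimizing compiler may treat it as a dead store and drop it, which would leave the secret data in memory. Since mod_ssl already links OpenSSL, OPENSSL_cleanse(buf, sizeof(buf)) would be a wipe that is not elided. The hunk shows the wipe only at this one point; if ssl_init_ticket_key() has earlier returns after buf is filled, they need the same cleanup.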
I cannot remember the gory details, but I remember a discussion either here or in APR land that these memset calls might be
optimized away by a compiler. I only found a quick reference on the Internet to this topic:
https://www.cryptologie.net/article/419/zeroing-memory-compiler-optimizations-and-memset_s/
Regards
Rüdiger
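
The concern raised in the reply above, as an added example that is not part of the original thread or of httpd's code: a wipe called through a volatile function pointer, a common way to keep the optimizer from dropping the zeroing as a dead store. `secure_wipe`, `make_key_copy`, `all_zero` and `KEY_LEN` are hypothetical names, and the key derivation is a constructed placeholder.

```c
#include <stdlib.h>
#include <string.h>

#define KEY_LEN 16
/* The pointer is volatile, so it must be loaded at run time: the compiler
 * cannot assume the call is memset() and drop it as a dead store. */
static void *(*const volatile memset_ptr)(void *, int, size_t) = memset;

static void secure_wipe(void *p, size_t n)
{
    if (p != NULL && n != 0)
        memset_ptr(p, 0, n);
}

/* Hypothetical stand-in for the function in the hunk: secret bytes sit in a
 * stack buffer, the caller gets a heap copy, the stack copy is wiped. */
static unsigned char *make_key_copy(const unsigned char *seed, size_t seed_len)
{
    unsigned char buf[KEY_LEN], *copy;
    size_t i;
    if (seed == NULL || seed_len == 0)
        return NULL;
    for (i = 0; i < sizeof(buf); i++)      /* constructed, not a real KDF */
        buf[i] = (unsigned char)(seed[i % seed_len] ^ (0x5c + i));
    copy = malloc(sizeof(buf));
    if (copy != NULL)
        memcpy(copy, buf, sizeof(buf));    /* own copy, not a pointer to buf */
    secure_wipe(buf, sizeof(buf));         /* also runs when malloc failed */
    return copy;
}

/* Returns 1 if every byte in p[0..n) is zero. */
static int all_zero(const unsigned char *p, size_t n)
{
    unsigned char acc = 0;
    while (n-- > 0)
        acc |= p[n];
    return acc == 0;
}

int main(void)
{
    const unsigned char seed[] = "constructed seed";
    unsigned char *key = make_key_copy(seed, sizeof(seed) - 1);
    int ok = key != NULL && !all_zero(key, KEY_LEN);
    secure_wipe(key, KEY_LEN);             /* wipe the heap copy before free */
    free(key);
    return ok ? 0 : 1;
}
```

Where the platform provides them, `OPENSSL_cleanse()`, `explicit_bzero()` or C11 Annex K `memset_s()` serve the same purpose.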