Mailing List Archive: Re: svn commit: r1876937 - /httpd/httpd/trunk/modules/ssl/ssl_engine

Re: svn commit: r1876937 - /httpd/httpd/trunk/modules/ssl/ssl_engine_init.c

Apr 24, 2020, 12:02 PM

Post #1 of 3 (161 views)

On 4/24/20 7:04 PM, ylavic@apache.org wrote:
> Author: ylavic
> Date: Fri Apr 24 17:04:28 2020
> New Revision: 1876937
>
> URL: http://svn.apache.org/viewvc?rev=1876937&view=rev
> Log:
> mod_ssl: follow up to r1876934: OSSL_PARAM_construct_*() make no copy.
>
> Pass OSSL_PARAM_construct_octet_string() an explicit copy of the MAC key
> to avoid saving a pointer to stack.
>
> While at it, cleanup secret data from buf before leaving.
>
> Modified:
> httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
>
> Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=1876937&r1=1876936&r2=1876937&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original)
> +++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Fri Apr 24 17:04:28 2020
>
> @@ -1616,6 +1617,7 @@ static apr_status_t ssl_init_ticket_key(
> res = SSL_CTX_set_tlsext_ticket_key_evp_cb(mctx->ssl_ctx,
> ssl_callback_SessionTicket);
> #endif
> + memset(buf, 0, sizeof(buf));

I cannot remember the gory details, but I remember a discussion either here or in APR land that these memset calls might be
optimized away by a compiler. I only found a quick reference on the Internet to this topic:

https://www.cryptologie.net/article/419/zeroing-memory-compiler-optimizations-and-memset_s/

Regards

Rüdiger

Re: svn commit: r1876937 - /httpd/httpd/trunk/modules/ssl/ssl_engine_init.c [ In reply to ]

christophe.jaillet at wanadoo

Apr 24, 2020, 12:12 PM

Post #2 of 3 (161 views)

Permalink

Le 24/04/2020 à 21:02, Ruediger Pluem a écrit :
>
> On 4/24/20 7:04 PM, ylavic@apache.org wrote:
>> Author: ylavic
>> Date: Fri Apr 24 17:04:28 2020
>> New Revision: 1876937
>>
>> URL: http://svn.apache.org/viewvc?rev=1876937&view=rev
>> Log:
>> mod_ssl: follow up to r1876934: OSSL_PARAM_construct_*() make no copy.
>>
>> Pass OSSL_PARAM_construct_octet_string() an explicit copy of the MAC key
>> to avoid saving a pointer to stack.
>>
>> While at it, cleanup secret data from buf before leaving.
>>
>> Modified:
>> httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
>>
>> Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
>> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=1876937&r1=1876936&r2=1876937&view=diff
>> ==============================================================================
>> --- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original)
>> +++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Fri Apr 24 17:04:28 2020
>>
>> @@ -1616,6 +1617,7 @@ static apr_status_t ssl_init_ticket_key(
>> res = SSL_CTX_set_tlsext_ticket_key_evp_cb(mctx->ssl_ctx,
>> ssl_callback_SessionTicket);
>> #endif
>> + memset(buf, 0, sizeof(buf));
> I cannot remember the gory details, but I remember a discussion either here or in APR land that these memset calls might be
> optimized away by a compiler. I only found a quick reference on the Internet to this topic:
>
> https://www.cryptologie.net/article/419/zeroing-memory-compiler-optimizations-and-memset_s/
>
> Regards
>
> Rüdiger

See apr_crypto_memzero in APR trunk at least.

CJ

Re: svn commit: r1876937 - /httpd/httpd/trunk/modules/ssl/ssl_engine_init.c [ In reply to ]

ylavic.dev at gmail

Apr 24, 2020, 2:34 PM

Post #3 of 3 (161 views)

Permalink

On Fri, Apr 24, 2020 at 9:12 PM Marion & Christophe JAILLET
<christophe.jaillet@wanadoo.fr> wrote:
>
> Le 24/04/2020 à 21:02, Ruediger Pluem a écrit :
> >
> > On 4/24/20 7:04 PM, ylavic@apache.org wrote:
> >>
> >> + memset(buf, 0, sizeof(buf));
> >
> > I cannot remember the gory details, but I remember a discussion either here or in APR land that these memset calls might be
> > optimized away by a compiler. I only found a quick reference on the Internet to this topic:
> >
> > https://www.cryptologie.net/article/419/zeroing-memory-compiler-optimizations-and-memset_s/
>
> See apr_crypto_memzero in APR trunk at least.

Yeah, I know it well ;)

I thought about it, but wanted to check first whether we could use
apr-util easily in mod_ssl..
Since we are in mod_ssl, I finally used OPENSSL_cleanse() in r1876950.

Thanks,
Yann.