Make sure the rand_byte buffer in padlock engine is cleansed.
authorRichard Levitte <levitte@openssl.org>
Mon, 4 Apr 2016 14:55:12 +0000 (16:55 +0200)
committerRichard Levitte <levitte@openssl.org>
Mon, 4 Apr 2016 15:01:37 +0000 (17:01 +0200)
Submitted by Michael McConville <mmcco@mykolab.com>

Reviewed-by: Rich Salz <rsalz@openssl.org>
engines/e_padlock.c

index 96e7483..f474f50 100644 (file)
@@ -776,7 +776,7 @@ static int padlock_rand_bytes(unsigned char *output, int count)
         *output++ = (unsigned char)buf;
         count--;
     }
-    *(volatile unsigned int *)&buf = 0;
+    OPENSSL_cleanse(&buf, sizeof(buf));
 
     return 1;
 }