search for: openssl_cleanse

...scanf("%30s", buffer); bzero(buffer, sizeof(buffer)); } int main() { bar31(); foo31(); return 0; } ----- As one can verify with 'gcc -O -S -o poc1.s poc1.c', there will be no cleaning in both foo31() and bar31(). > For example, OpenSSL has the OPENSSL_cleanse() function whose purpose > is two-fold (from http://cvs.openssl.org/chngview?cn=9301): > ----- > *) New function OPENSSL_cleanse(), which is used to cleanse a section of > memory from it's contents. This is done with a counter that will > place alternating values in each b...

OpenSC has taken a different approach to OpenSSL-1.1. Rather then writing a shim for OpenSSL-1.1, the OpenSC code has been converted to the OpenSSL-1.1 API and a sc-ossl-compat.h" file consisting of defines and macros was written to support older versions of OpenSSL and Libressl. https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/sc-ossl-compat.h The nice part of this approach is

...& !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { > ?? > OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); > ?? > } > ?? > EVP_PKEY_CTX_free(ctx->pctx); > #ifndef OPENSSL_NO_ENGINE > ?? > ENGINE_finish(ctx->engine); > #endif > ?? > OPENSSL_cleanse(ctx, sizeof(*ctx)); > > ?? > return 1; > } > ?---->8----- > > > Other functions are getter and setters such as : > > ?----8<-----? > void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) > { > if (pub_key != NULL) > *pub_...

...ference to `BIO_f_buffer' /usr/local/ssl/lib/libssl.so: undefined reference to `ERR_get_error' /usr/local/ssl/lib/libssl.so: undefined reference to `EVP_DecryptInit' /usr/local/ssl/lib/libssl.so: undefined reference to `sk_shift' /usr/local/ssl/lib/libssl.so: undefined reference to `OPENSSL_cleanse' /usr/local/ssl/lib/libssl.so: undefined reference to `lh_new' /usr/local/ssl/lib/libssl.so: undefined reference to `CRYPTO_free_ex_data' /usr/local/ssl/lib/libssl.so: undefined reference to `ASN1_INTEGER_set' /usr/local/ssl/lib/libssl.so: undefined reference to `i2d_ASN1_OCTET_STRI...

...LOCK || len + n >= HASH_CBLOCK) { + memcpy(p + n, data, HASH_CBLOCK - n); + HASH_BLOCK_DATA_ORDER(c, p, 1); + n = HASH_CBLOCK - n; + data += n; + len -= n; + c->num = 0; + /* + * We use memset rather than OPENSSL_cleanse() here deliberately. + * Using OPENSSL_cleanse() here could be a performance issue. It + * will get properly cleansed on finalisation so this isn't a + * security problem. + */ + memset(p, 0, HASH_CBLOCK); /* keep it zeroed */ +...