On Thu, 2021-08-19 at 21:12 +0300, Vitaly Chikunov wrote:
> Mimi,
>
> On Thu, Aug 19, 2021 at 02:06:03PM -0400, Mimi Zohar wrote:
> > On Thu, 2021-08-19 at 05:11 +0300, Vitaly Chikunov wrote:
> > > After CRYPTO_secure_malloc_init OpenSSL will store private keys in
> > > secure heap. This facility is only available since OpenSSL_1_1_0-pre1.
> > >
> > > Signed-off-by: Vitaly Chikunov <vt@xxxxxxxxxxxx>
> > > ---
> > > Change from v1:
> > > - Do not use setfbuf to disable buffering as this is not proven to be
> > >   meaningful.
> > > - Use secure heap for passwords too as suggested by Mimi Zohar.
> > > - Fallback to OPENSSL_malloc for old OpenSSL as suggested by Mimi Zohar.
> > > - Simplify logic of calling CRYPTO_secure_malloc_init (call it always on
> > >   OpenSSL init.)
> > > - Should be applied after Bruno Meneguele's "evmctl: fix memory leak in
> > >   get_password" patch v2.
> >
> > Not sure why it isn't applying with/without Bruno's v2 patch.
>
> It should be over next-testing + (manually git am'ed) Bruno's patch:
>
> db25fcd 2021-08-19 03:20:48 +0300 Use secure heap for private keys and passwords (Vitaly Chikunov)
> d37ea6d 2021-08-16 12:15:59 -0300 evmctl: fix memory leak in get_password (Bruno Meneguele)
> b1818c1 2021-08-03 16:40:08 -0400 Create alternative tpm2_pcr_read() that uses IBM TSS (Ken Goldman) (origin/next-testing)

Sorry, my mistake. Applied the wrong patch.

Mimi