diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml index ee92b147..51b49656 100644 --- a/.github/workflows/dockerimage.yml +++ b/.github/workflows/dockerimage.yml @@ -4,7 +4,7 @@ on: push: jobs: build: - runs-on: ubuntu-20.04 + runs-on: self-hosted env: ACTIONS_ALLOW_UNSECURE_COMMANDS: true DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} @@ -14,7 +14,7 @@ jobs: run: cat /proc/cpuinfo | grep avx512 - name: Login to docker run: docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD} - - uses: actions/checkout@v1 + - uses: actions/checkout@v2 - name: submodule update run: git submodule update --init --recursive - name: build and deploy test image diff --git a/.github/workflows/dockerimagebase.yml b/.github/workflows/dockerimagebase.yml index 898f02bd..464cad1a 100644 --- a/.github/workflows/dockerimagebase.yml +++ b/.github/workflows/dockerimagebase.yml @@ -6,7 +6,7 @@ on: - build_base* jobs: build: - runs-on: ubuntu-20.04 + runs-on: self-hosted env: ACTIONS_ALLOW_UNSECURE_COMMMANDS: true DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} @@ -16,7 +16,7 @@ jobs: run: cat /proc/cpuinfo | grep avx512 - name: Login to docker run: docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD} - - uses: actions/checkout@v1 + - uses: actions/checkout@v2 - name: submodule update run: git submodule update --init --recursive - name: Build the Docker image diff --git a/.github/workflows/dockerimageintelsubmission.yml b/.github/workflows/dockerimageintelsubmission.yml index 731b05d2..ea3114fd 100644 --- a/.github/workflows/dockerimageintelsubmission.yml +++ b/.github/workflows/dockerimageintelsubmission.yml @@ -4,7 +4,7 @@ on: push: jobs: build: - runs-on: ubuntu-20.04 + runs-on: self-hosted env: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} 
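Review bot: `runs-on: self-hosted` moves this job onto a persistent machine, but the `Login to docker` step in the same job still stores the registry credential in the runner account's Docker config (the default for `docker login`) and nothing removes it afterwards. On a hosted runner the VM was discarded; here the credential stays on disk for later jobs and for anyone with access to the host. I would add a final step, `- name: Logout from docker` / `if: always()` / `run: docker logout`, and a comment above `runs-on` naming the runner the job expects. The same line changes in dockerimagebase.yml, dockerimageintelsubmission.yml, dockerimagerelease.yml and dockerimagesim.yml, and the job body continues outside the hunk.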
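Review bot: `actions/checkout@v2` keeps the job token in the workspace's `.git/config` for the rest of the job by default, and the later steps build and push images from that workspace (`COPY . /usr/src/sdk` is visible in DockerfileSimulation), so the token can end up in an image layer unless `.git` is excluded from the build context. Add `with:` / `persist-credentials: false` to the checkout step if `git submodule update` does not need the token; the submodule URLs are not visible here. `@v2` is also a movable tag, and pinning it as `actions/checkout@<full-commit-sha>` keeps the action code fixed. The same line changes in the other four workflow files.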
@@ -13,9 +13,11 @@ jobs: run: cat /proc/cpuinfo | grep avx512 - name: Login to docker run: docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD} - - uses: actions/checkout@v1 + - uses: actions/checkout@v2 - name: submodule update run: git submodule update --init --recursive + - name: build and deploy test image + run: python3 scripts/docker_build.py DockerfileIntelSubmission sgxwallet_intelsubmission ${GITHUB_SHA} - name: build and deploy docker image if: | contains(github.ref, 'develop') || contains(github.ref, 'beta') || diff --git a/.github/workflows/dockerimagerelease.yml b/.github/workflows/dockerimagerelease.yml index 4de75ca4..f99205d7 100644 --- a/.github/workflows/dockerimagerelease.yml +++ b/.github/workflows/dockerimagerelease.yml @@ -6,7 +6,7 @@ on: - stable jobs: build: - runs-on: ubuntu-20.04 + runs-on: self-hosted env: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} @@ -16,7 +16,7 @@ jobs: run: cat /proc/cpuinfo | grep avx512 - name: Login to docker run: docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD} - - uses: actions/checkout@v1 + - uses: actions/checkout@v2 - name: Submodule update run: git submodule update --init --recursive - name: Create dir for signing enclave diff --git a/.github/workflows/dockerimagesim.yml b/.github/workflows/dockerimagesim.yml index 299c3b1a..1d9f03ae 100644 --- a/.github/workflows/dockerimagesim.yml +++ b/.github/workflows/dockerimagesim.yml @@ -4,7 +4,7 @@ on: push: jobs: build: - runs-on: ubuntu-20.04 + runs-on: self-hosted env: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} 
@@ -15,13 +15,15 @@ jobs: run: ls /dev/urandom - name: Login to docker run: docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD} - - uses: actions/checkout@v1 + - uses: actions/checkout@v2 - name: submodule update run: git submodule update --init --recursive - name: Build and publish container for testing run: python3 scripts/docker_build.py DockerfileSimulation sgxwallet_sim ${GITHUB_SHA} - name: test run: python3 scripts/docker_test.py DockerfileSimulation sgxwallet_sim ${GITHUB_SHA} + - name: cleanup + run: sudo rm -rf sgx_data - name: build and deploy docker image if: | contains(github.ref, 'develop') || contains(github.ref, 'beta') || diff --git a/Dockerfile b/Dockerfile index 3b3b4266..c0eb92a3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,9 +7,6 @@ RUN apt update && apt install -y curl secure-delete python3-pip RUN pip3 install --upgrade pip RUN pip3 install requests torpy - - - RUN touch /var/hwmode RUN ./autoconf.bash RUN ./configure @@ -19,5 +16,5 @@ RUN mkdir -p /usr/src/sdk/sgx_data COPY docker/start.sh ./ COPY docker/check_firewall.py ./ RUN rm -rf /usr/src/sdk/sgx-sdk-build/ -RUN rm /opt/intel/sgxsdk/lib64/*_sim.so +RUN rm /opt/intel/sgxsdk/lib64/*_sim.so ENTRYPOINT ["/usr/src/sdk/start.sh"] diff --git a/DockerfileBase b/DockerfileBase index df7211af..9d08baf1 100644 --- a/DockerfileBase +++ b/DockerfileBase 
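Review bot: The new `cleanup` step is skipped whenever the preceding `test` step fails, which is exactly when a root-owned `sgx_data` is most likely to be left on the self-hosted runner and to break the next checkout. Add `if: always()` to the step. It also depends on the runner account having passwordless `sudo`, which effectively gives every script in the job root on the host. If the directory is root-owned only because a container writes it, removing it from inside a container or running the container under the runner's uid would avoid that; how `docker_test.py` creates it is not visible here.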
@@ -1,35 +1,37 @@ -FROM ubuntu:20.04 +FROM ubuntu:22.04 RUN apt-get update && apt-get install software-properties-common -y && \ add-apt-repository ppa:ubuntu-toolchain-r/test && \ apt-get update && apt-get install -y \ - autoconf \ - automake \ build-essential \ - cmake \ - curl \ - debhelper \ - git \ - libcurl4-openssl-dev \ - libprotobuf-dev \ - libssl-dev \ - libtool \ - lsb-release \ ocaml \ ocamlbuild \ - protobuf-compiler \ - python-is-python3 \ + automake \ + autoconf \ + libtool \ wget \ - libcurl4 \ - make \ - unzip \ + python-is-python3 \ + libssl-dev \ + git \ + cmake \ perl \ - pkgconf + libcurl4-openssl-dev \ + protobuf-compiler \ + libprotobuf-dev \ + debhelper \ + reprepro \ + unzip \ + pkgconf \ + libboost-dev \ + libboost-system-dev \ + libboost-thread-dev \ + lsb-release \ + libsystemd0 -# RUN wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb && \ -# dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb +RUN wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb && \ + dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb -RUN git clone -b sgx_2.19 --depth 1 https://github.com/intel/linux-sgx +RUN git clone -b sgx_2.25 --depth 1 https://github.com/intel/linux-sgx RUN cd linux-sgx && make preparation 
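Review bot: The re-enabled `wget http://archive.ubuntu.com/...libssl1.1_1.1.1f-1ubuntu2_amd64.deb && dpkg -i ...` downloads a package over plain HTTP and installs it as root with no integrity check, so it bypasses the signature verification that apt would perform. Verify a pinned digest between the download and `dpkg -i`, for example `echo "<expected-sha256>  libssl1.1_1.1.1f-1ubuntu2_amd64.deb" | sha256sum -c -`. The version string looks like the original 20.04 release build rather than a later security update, and the OpenSSL 1.1.1 series is no longer maintained upstream. A comment naming the component that still needs libssl1.1 on 22.04 would make it possible to retire this line later.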
@@ -54,12 +56,10 @@ WORKDIR /usr/src/sdk RUN apt update && \ apt install -yq apt-utils && \ - apt install -yq --no-install-recommends vim telnet git ca-certificates perl \ - reprepro libboost-all-dev alien uuid-dev libxml2-dev ccache \ - yasm flex bison libprocps-dev ccache texinfo \ - graphviz doxygen libgnutls28-dev libgcrypt20-dev \ - libboost-dev libboost-system-dev libboost-thread-dev lsb-release libsystemd0 && \ - # glibc-tools + apt install -yq --no-install-recommends vim telnet ca-certificates perl \ + alien uuid-dev libxml2-dev ccache \ + yasm libprocps-dev texinfo \ + graphviz doxygen libgnutls28-dev libgcrypt20-dev && \ ln -s /usr/bin/ccache /usr/local/bin/clang && \ ln -s /usr/bin/ccache /usr/local/bin/clang++ && \ ln -s /usr/bin/ccache /usr/local/bin/gcc && \ 
@@ -67,13 +67,12 @@ RUN apt update && \ ln -s /usr/bin/ccache /usr/local/bin/cc && \ ln -s /usr/bin/ccache /usr/local/bin/c++ -RUN cd scripts && ./build_deps.py && \ - wget --progress=dot:mega -O - https://github.com/intel/dynamic-application-loader-host-interface/archive/072d233296c15d0dcd1fb4570694d0244729f87b.tar.gz | tar -xz && \ - cd dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b && \ - cmake . -DCMAKE_BUILD_TYPE=Release -DINIT_SYSTEM=SysVinit && \ - make install && \ - cd .. && rm -rf dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b && \ - cd /usr/src/sdk && \ - ./autoconf.bash && \ - ./configure && \ - bash -c "make -j$(nproc)" +WORKDIR /usr/src/sdk/scripts +RUN ./build_deps.py +RUN wget --progress=dot:mega -O - https://github.com/intel/dynamic-application-loader-host-interface/archive/072d233296c15d0dcd1fb4570694d0244729f87b.tar.gz | tar -xz +WORKDIR dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b +RUN cmake . -DCMAKE_BUILD_TYPE=Release -DINIT_SYSTEM=SysVinit && make install +WORKDIR /usr/src/sdk/scripts +RUN rm -rf dynamic-application-loader-host-interface-072d233296c15d0dcd1fb4570694d0244729f87b +WORKDIR /usr/src/sdk +RUN ./autoconf.bash diff --git a/DockerfileIntelSubmission b/DockerfileIntelSubmission index 33c73051..45eafddb 100644 --- a/DockerfileIntelSubmission +++ b/DockerfileIntelSubmission @@ -12,11 +12,12 @@ RUN pip3 install requests torpy RUN cd scripts && ./generate_signing_key.bash RUN touch /var/hwmode RUN ./autoconf.bash -RUN ./configure --with-sgx-build=release +RUN ./configure --with-sgx-build=prerelease RUN bash -c "make -j$(nproc)" RUN ccache -sz RUN mkdir -p /usr/src/sdk/sgx_data COPY docker/start.sh ./ +COPY docker/check_firewall.py ./ RUN rm -rf /usr/src/sdk/sgx-sdk-build/ -RUN rm /opt/intel/sgxsdk/lib64/*_sim.so +RUN rm /opt/intel/sgxsdk/lib64/*_sim.so ENTRYPOINT ["/usr/src/sdk/start.sh"] 
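Review bot: With the build split into separate `RUN` instructions, the final `RUN rm -rf dynamic-application-loader-host-interface-...` no longer removes anything from the image, because the extracted sources remain in the layer created by the `wget ... | tar -xz` step. Keep download, build and removal in one `RUN`, or add a comment that the split is deliberate for layer caching. The new side also stops at `RUN ./autoconf.bash` and drops `./configure` and `make`; if the derived Dockerfiles are now expected to run them, a comment saying so would help.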
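Review bot: `RUN ./configure --with-sgx-build=prerelease` needs a comment explaining why this image is no longer a release build. In the Intel SGX SDK's build modes, pre-release keeps optimizations but the enclave is still launched with the debug attribute, which lets a debugger on the host read enclave memory. How this project's `configure` maps the flag is not visible here, so that is inferred from the SDK convention. If it does map that way, say so above the line, e.g. `# prerelease: enclave is debug-launchable; for <purpose> only, never load production keys`. The same Dockerfile runs `generate_signing_key.bash` during the build, so it is worth confirming that the generated private key is not left in a layer of an image that gets pushed.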
diff --git a/DockerfileRelease b/DockerfileRelease index e78a8df7..5ad52395 100644 --- a/DockerfileRelease +++ b/DockerfileRelease @@ -8,13 +8,13 @@ RUN apt update && apt install -y curl secure-delete python3-pip RUN pip3 install --upgrade pip RUN pip3 install requests torpy - RUN touch /var/hwmode RUN ./autoconf.bash RUN ./configure --with-sgx-build=release +RUN cd secure_enclave && bash -c "make secure_enclave.so -j$(nproc)" +RUN cd scripts && ./sign_enclave.bash RUN bash -c "make -j$(nproc)" RUN ccache -sz -RUN cd scripts && ./sign_enclave.bash RUN mkdir -p /usr/src/sdk/sgx_data COPY docker/start.sh ./ COPY docker/check_firewall.py ./ diff --git a/DockerfileSimulation b/DockerfileSimulation index 33109841..e80ddc14 100644 --- a/DockerfileSimulation +++ b/DockerfileSimulation @@ -1,11 +1,9 @@ FROM skalenetwork/sgxwallet_base:latest - RUN apt update && apt install -y curl secure-delete python3-pip RUN pip3 install --upgrade pip RUN pip3 install requests torpy - RUN ccache -sz COPY . /usr/src/sdk diff --git a/Makefile.am b/Makefile.am index 6ad95870..e6de2e38 100644 --- a/Makefile.am +++ b/Makefile.am @@ -45,8 +45,8 @@ secure_enclave.edl: secure_enclave/secure_enclave.edl #AM_CPPFLAGS += -g -Og -AM_CFLAGS = -DUSER_SPACE -O2 -rdynamic -Wl,--no-as-needed -lSegFault -DSGXWALLET_VERSION="$(WALLET_VERSION)" -AM_CXXFLAGS = ${AM_CPPFLAGS} -rdynamic -Wl,--no-as-needed -lSegFault -DSGXWALLET_VERSION="$(WALLET_VERSION)" +AM_CFLAGS = -DUSER_SPACE -O2 -rdynamic -Wl,--no-as-needed -DSGXWALLET_VERSION="$(WALLET_VERSION)" +AM_CXXFLAGS = ${AM_CPPFLAGS} -rdynamic -Wl,--no-as-needed -DSGXWALLET_VERSION="$(WALLET_VERSION)" AM_CPPFLAGS += -DSGXWALLET_VERSION="$(WALLET_VERSION)" -Wall -DSKALE_SGX=1 -DBINARY_OUTPUT=1 -Ileveldb/include -IlibBLS/bls \ diff --git a/README.md b/README.md index 66739c72..422e003b 100644 --- a/README.md +++ b/README.md 
@@ -16,14 +16,13 @@ leave the enclave unencrypted. The server provides an initial registration service to issue client certificates to the clients. The administrator manually approves each registration. -**sgxwallet** has been tested on **Ubuntu Linux 18.04**. +**sgxwallet** has been tested on **Ubuntu Linux 20.04**. ## An important note about production readiness The sgxwallet server is still in active development and therefore should be regarded as _alpha software_. The development is still subject to security hardening, further testing, and breaking changes. **This server has not yet been reviewed or audited for security.** Please see [SECURITY.md](SECURITY.md) for reporting policies. -![Build, test and push sgxwallet container](https://github.com/skalenetwork/sgxwallet/workflows/Build,%20test%20and%20push%20sgxwallet%20container/badge.svg) -![Build, test and push sim mode container](https://github.com/skalenetwork/sgxwallet/workflows/Build,%20test%20and%20push%20sim%20mode%20container/badge.svg) +![](https://github.com/skalenetwork/sgxwallet/workflows/Build,%20test%20and%20push%20sim%20mode%20container/badge.svg) ## Running sgxwallet diff --git a/docs/building.md b/docs/building.md index da081ac6..22b0c59b 100644 --- a/docs/building.md +++ b/docs/building.md @@ -23,13 +23,13 @@ Below is a sequence of commands that builds SDK and installs it into /opt/intel ```bash -git clone -b sgx_2.13 --depth 1 https://github.com/intel/linux-sgx +git clone -b sgx_2.25 --depth 1 https://github.com/intel/linux-sgx cd linux-sgx make preparation sudo make sdk_install_pkg_no_mitigation +sudo make psw_install_pkg cd /opt/intel sudo sh -c 'echo yes | /linux-sgx/linux/installer/bin/sgx_linux_x64_sdk_*.bin' -sudo make psw_install_pkg sudo cp /linux-sgx/linux/installer/bin/sgx_linux_x64_psw*.bin . sudo ./sgx_linux_x64_psw*.bin --no-start-aesm ``` diff --git a/docs/enabling-sgx.md b/docs/enabling-sgx.md index 445acee5..5a9bb29b 100644 --- a/docs/enabling-sgx.md 
+++ b/docs/enabling-sgx.md @@ -26,7 +26,7 @@ This repo includes the **_sgx_enable_** utility. To enable SGX run: sudo ./sgx_enable ``` -Note: if you are not using Ubuntu 18.04 (Not recommended!), you may need +Note: if you are not using Ubuntu 20.04 (Not recommended!), you may need to rebuild the sgx-software-enable utility before use by typing: ```bash @@ -39,19 +39,19 @@ make Install make and gcc if you do not have it: ```bash -apt-get install build-essential +apt-get install build-essential ``` Run the following command: ```bash -cd scripts; sudo ./sgx_linux_x64_driver_2.11.0_0373e2e.bin; cd .. +cd scripts; sudo ./sgx_linux_x64_driver_2.11.b6f5b4a.bin; cd .. ``` Alternatively, other driver versions may be downloaded from Intel. -Please note that version `2.11.0_0373e2e` is what is currently supported. +Please note that version `2.11.b6f5b4a` is what is currently supported. -Reboot you machine after driver install. Do `ls /dev/isgx` to check that `isgx` device is properly installed. +Reboot you machine after driver install. Do `ls /dev/isgx` to check that `isgx` device is properly installed. If you do not see the `isgx` device, you need to troubleshoot your driver installation. If driver installation fails, you can also try installing driver from the @@ -65,7 +65,7 @@ And then follow instructions in README.md ## Troubleshooting Installation -- If the message `intel_sgx: SGX is not enabled` appears in `/var/log/syslog` +- If the message `intel_sgx: SGX is not enabled` appears in `/var/log/syslog` Intel SGX needs to be enabled in BIOS. - If you are running in Intel SGX hardware mode, make sure you have device diff --git a/jsonrpc/build.sh b/jsonrpc/build.sh index c9ec83c5..09842f55 100755 --- a/jsonrpc/build.sh +++ b/jsonrpc/build.sh 
@@ -66,9 +66,10 @@ cd ../.. git clone https://github.com/curl/curl.git cd curl +git checkout curl-8_2_1 mkdir -p build cd build -cmake -DCMAKE_INSTALL_PREFIX=$INSTALL_ROOT -DOPENSSL_ROOT_DIR=$OPENSSL_SRC -DBUILD_CURL_EXE=OFF -DBUILD_TESTING=OFF -DCMAKE_USE_LIBSSH2=OFF -DBUILD_SHARED_LIBS=OFF -DCURL_DISABLE_LDAP=ON -DCURL_STATICLIB=ON -DCMAKE_BUILD_TYPE=$TOP_CMAKE_BUILD_TYPE .. +cmake -DCMAKE_INSTALL_PREFIX=$INSTALL_ROOT -DOPENSSL_ROOT_DIR=$OPENSSL_SRC -DBUILD_CURL_EXE=OFF -DBUILD_TESTING=OFF -DCURL_USE_LIBSSH2=OFF -DBUILD_SHARED_LIBS=OFF -DCURL_DISABLE_LDAP=ON -DCURL_STATICLIB=ON -DCMAKE_BUILD_TYPE=$TOP_CMAKE_BUILD_TYPE .. echo " " >> lib/curl_config.h echo "#define HAVE_POSIX_STRERROR_R 1" >> lib/curl_config.h echo " " >> lib/curl_config.h @@ -116,6 +117,7 @@ cmake -DCMAKE_INSTALL_PREFIX=$INSTALL_ROOT -DCMAKE_BUILD_TYPE=$TOP_CMAKE_BUILD_T -DWITH_COVERAGE=NO \ -DARGTABLE_INCLUDE_DIR=../../argtable2/src \ -DARGTABLE_LIBRARY=$INSTALL_ROOT/lib/libargtable2${DEBUG_D}.a \ + -DCURL_INCLUDE_DIR=$INSTALL_ROOT/include \ -DJSONCPP_INCLUDE_DIR=$INSTALL_ROOT/include \ .. make diff --git a/libBLS b/libBLS index d9f468fa..4b925941 160000 --- a/libBLS +++ b/libBLS @@ -1 +1 @@ -Subproject commit d9f468fae5a99d7a1d13974dc2a58626b4120e63 +Subproject commit 4b9259418c8cd71804100e787b070a76530189d7 diff --git a/scripts/build_deps.py b/scripts/build_deps.py index 8456cfd3..eaf379c6 100755 --- a/scripts/build_deps.py +++ b/scripts/build_deps.py @@ -23,9 +23,9 @@ # @date 2018 # -import sys import os import subprocess + os.chdir("..") topDir = os.getcwd() print("Starting build") @@ -94,7 +94,7 @@ print("Install Linux SDK"); os.chdir(SCRIPTS_DIR) -assert subprocess.call(["bash", "-c", "./sgx_linux_x64_sdk_2.19.100.3.bin --prefix=" + topDir + "/sgx-sdk-build"]) == 0 +assert subprocess.call(["bash", "-c", "./sgx_linux_x64_sdk_2.25.100.3.bin --prefix=" + topDir + "/sgx-sdk-build"]) == 0 print("Make GMP"); 
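Review bot: `git checkout curl-8_2_1` runs after an unpinned full clone and its exit status is not checked in the visible lines, so if the tag cannot be resolved the build continues on the default branch, unless the script sets `set -e` outside this hunk. Cloning the tag directly, `git clone -b curl-8_2_1 --depth 1 https://github.com/curl/curl.git`, fails at the clone and skips the full history. curl has had security releases since 8.2.1, so a comment recording why this version is pinned would make the next bump easier; the `CMAKE_USE_LIBSSH2` to `CURL_USE_LIBSSH2` change suggests a compatibility reason.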
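Review bot: The installer named on the changed line in scripts/build_deps.py, `sgx_linux_x64_sdk_2.25.100.3.bin`, is an opaque binary added to the repository by this same commit and executed during the build, with nothing recording its origin or checking its digest. Record the upstream download location and SHA-256 next to it and verify before running, e.g. `assert subprocess.call(["sha256sum", "-c", "sgx_sdk.sha256"]) == 0` with the checksum file committed alongside (file name constructed for illustration). The same applies to `scripts/sgx_linux_x64_driver_2.11.b6f5b4a.bin`, which the docs tell users to run with `sudo`. Separately, `assert` is stripped under `python -O`; `subprocess.check_call(...)` keeps the failure check unconditional.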
diff --git a/scripts/install_packages.sh b/scripts/install_packages.sh index 886e14ef..288a4301 100755 --- a/scripts/install_packages.sh +++ b/scripts/install_packages.sh @@ -1,5 +1,26 @@ #!/bin/bash sudo apt update -sudo apt install -y build-essential make gcc g++ yasm python flex bison automake -sudo apt install -y ccache cmake ccache autoconf texinfo libgcrypt20-dev libgnutls28-dev libtool pkg-config glibc-tools -sudo apt install -y ocaml ocamlbuild +sudo apt install -y build-essential \ + ocaml \ + ocamlbuild \ + automake \ + autoconf \ + libtool \ + wget \ + python-is-python3 \ + libssl-dev \ + git \ + cmake \ + perl \ + libcurl4-openssl-dev \ + protobuf-compiler \ + libprotobuf-dev \ + debhelper \ + reprepro \ + unzip \ + pkgconf \ + libboost-dev \ + libboost-system-dev \ + libboost-thread-dev \ + lsb-release \ + libsystemd0 \ No newline at end of file diff --git a/scripts/sgx_linux_x64_driver_2.11.54c9c4c.bin b/scripts/sgx_linux_x64_driver_2.11.54c9c4c.bin deleted file mode 100644 index 266d9051..00000000 Binary files a/scripts/sgx_linux_x64_driver_2.11.54c9c4c.bin and /dev/null differ diff --git a/scripts/sgx_linux_x64_driver_2.11.b6f5b4a.bin b/scripts/sgx_linux_x64_driver_2.11.b6f5b4a.bin new file mode 100755 index 00000000..7e9120a2 Binary files /dev/null and b/scripts/sgx_linux_x64_driver_2.11.b6f5b4a.bin differ diff --git a/scripts/sgx_linux_x64_sdk_2.19.100.3.bin b/scripts/sgx_linux_x64_sdk_2.19.100.3.bin deleted file mode 100755 index cd4e8789..00000000 Binary files a/scripts/sgx_linux_x64_sdk_2.19.100.3.bin and /dev/null differ diff --git a/scripts/sgx_linux_x64_sdk_2.25.100.3.bin b/scripts/sgx_linux_x64_sdk_2.25.100.3.bin new file mode 100755 index 00000000..b92da35a Binary files /dev/null and b/scripts/sgx_linux_x64_sdk_2.25.100.3.bin differ diff --git a/secure_enclave/secure_enclave.c b/secure_enclave/secure_enclave.c index 02878482..6b6c7140 100644 --- a/secure_enclave/secure_enclave.c +++ b/secure_enclave/secure_enclave.c 
@@ -203,7 +203,7 @@ void *reallocate_function(void *ptr, size_t osize, size_t nsize) { return (void *) nptr; } -volatile uint64_t counter; +volatile uint64_t counter = 0; void get_global_random(unsigned char *_randBuff, uint64_t _size) { char errString[BUF_LEN]; @@ -220,10 +220,11 @@ void get_global_random(unsigned char *_randBuff, uint64_t _size) { CHECK_STATE(sgx_sha256_init(&shaStateHandle) == SGX_SUCCESS); CHECK_STATE(sgx_sha256_update(globalRandom, 32, shaStateHandle) == SGX_SUCCESS); CHECK_STATE(sgx_sha256_update(&counter, sizeof(counter), shaStateHandle) == SGX_SUCCESS); - CHECK_STATE(sgx_sha256_get_hash(shaStateHandle, (sgx_sha256_hash_t *)globalRandom) == SGX_SUCCESS); + unsigned char tmpBuffer[32]; + CHECK_STATE(sgx_sha256_get_hash(shaStateHandle, (sgx_sha256_hash_t *)tmpBuffer) == SGX_SUCCESS); CHECK_STATE(sgx_sha256_close(shaStateHandle) == SGX_SUCCESS); - - memcpy(_randBuff, globalRandom, _size); + + memcpy(_randBuff, tmpBuffer, _size); } void sealHexSEK(int *errStatus, char *errString,
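Review bot: With the hash now written to `tmpBuffer`, `globalRandom` is never updated in the visible lines, so each output is SHA-256 of `globalRandom` followed by `counter`, and two calls differ only if `counter` changed in between. The increment is not in this hunk, and `volatile` does not make it atomic if ecalls can run on more than one thread; please confirm it is advanced under a lock in the part of `get_global_random` outside the hunk, and document that invariant on `counter`. `tmpBuffer` also holds bytes that callers may use as key material and is left on the stack, so wipe it after the copy with `memset_s(tmpBuffer, sizeof(tmpBuffer), 0, sizeof(tmpBuffer));`. `memcpy(_randBuff, tmpBuffer, _size)` reads past the 32-byte buffer when `_size` exceeds 32, so a `CHECK_STATE(_size <= sizeof(tmpBuffer))` is needed unless that bound is already enforced above the hunk.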