Clear sensitive data in ED25519_sign

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3503)
Dr. Stephen Henson 2017-05-25 14:53:32 +01:00
parent 74e7836104
commit 04dec1ab34


@ -4599,7 +4599,9 @@ int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
uint8_t hram[SHA512_DIGEST_LENGTH];
SHA512_CTX hash_ctx;
SHA512(private_key, 32, az);
SHA512_Init(&hash_ctx);
SHA512_Update(&hash_ctx, private_key, 32);
SHA512_Final(az, &hash_ctx);
az[0] &= 248;
az[31] &= 63;
@ -4623,6 +4625,10 @@ int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
x25519_sc_reduce(hram);
sc_muladd(out_sig + 32, hram, az, nonce);
OPENSSL_cleanse(&hash_ctx, sizeof(hash_ctx));
OPENSSL_cleanse(nonce, sizeof(nonce));
OPENSSL_cleanse(az, sizeof(az));
return 1;
}
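Review bot: The three `OPENSSL_cleanse` calls before `return 1;` wipe `hash_ctx`, `nonce` and `az` but carry no comment saying why `hram` is left alone, so a later reader cannot tell whether the omission is deliberate. If `hram` is the digest over public values only, as its use as a multiplier in `sc_muladd` suggests, a one-line comment would record that: `/* az and nonce are secret; hash_ctx has processed private_key. hram is derived from public inputs and needs no wipe. */`. The wipes sit only on the single exit path visible here, and the part of ED25519_sign between the two hunks is not shown, so any return added there later would need the same cleanup. The function also begins above the first hunk, so the declarations of `az` and `nonce` are outside this view.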