Clear sensitive data in ED25519_sign
authorDr. Stephen Henson <steve@openssl.org>
Thu, 25 May 2017 13:53:32 +0000 (14:53 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 30 May 2017 19:38:21 +0000 (20:38 +0100)
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3503)

crypto/ec/curve25519.c

index 72580334ff539279bca01ee093ecd4546b1f5d9a..77f54940363d002a6048b39612f9ed5db6b32799 100644 (file)
@@ -4599,7 +4599,9 @@ int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
   uint8_t hram[SHA512_DIGEST_LENGTH];
   SHA512_CTX hash_ctx;
 
-  SHA512(private_key, 32, az);
+  SHA512_Init(&hash_ctx);
+  SHA512_Update(&hash_ctx, private_key, 32);
+  SHA512_Final(az, &hash_ctx);
 
   az[0] &= 248;
   az[31] &= 63;
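Review bot: The reason for replacing the one-shot `SHA512()` call with the Init/Update/Final sequence on the local `hash_ctx` is not recorded next to the code, so a later tidy-up could fold it back into the one-liner without noticing that the context is deliberately a function-local that gets wiped before return. A one-line comment above `SHA512_Init(&hash_ctx);` would pin the intent: `/* Hash into the local ctx so its state (derived from the private key) can be cleansed before returning. */`. The signature of ED25519_sign is above this hunk and its body continues past it.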
@@ -4623,6 +4625,10 @@ int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
   x25519_sc_reduce(hram);
   sc_muladd(out_sig + 32, hram, az, nonce);
 
+  OPENSSL_cleanse(&hash_ctx, sizeof(hash_ctx));
+  OPENSSL_cleanse(nonce, sizeof(nonce));
+  OPENSSL_cleanse(az, sizeof(az));
+
   return 1;
 }
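Review bot: The three `OPENSSL_cleanse` calls say nothing about what is being destroyed or why `hram` is deliberately left untouched, which is exactly the kind of decision a later reader will question. A comment before the first call would make it reviewable: `/* az carries the clamped private scalar and the nonce prefix, nonce is the per-signature scalar; a disclosed nonce alone lets the private scalar be recovered from S. hram is presumably derived from public values only. */` (confirm that last claim against the hram computation, which lies between the two hunks). The wipe sits only on the final `return 1` path; if the unseen middle of the function has any other exit, the buffers would survive it, so that is worth checking once. This hunk ends at ED25519_sign's closing brace, but the function starts above the first hunk.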