Clear secret stack values after use in the ED25519-functions

author Bernd Edlinger <bernd.edlinger@hotmail.de>

Thu, 24 Aug 2017 06:09:31 +0000 (08:09 +0200)

committer Bernd Edlinger <bernd.edlinger@hotmail.de>

Fri, 25 Aug 2017 14:36:21 +0000 (16:36 +0200)
author Bernd Edlinger <bernd.edlinger@hotmail.de>
Thu, 24 Aug 2017 06:09:31 +0000 (08:09 +0200)
committer Bernd Edlinger <bernd.edlinger@hotmail.de>
Fri, 25 Aug 2017 14:36:21 +0000 (16:36 +0200)
diff --git a/crypto/ec/curve25519.c b/crypto/ec/curve25519.c

index 5c7182697a6a5f40b012d9f3eaada5d24bcb7238..8002b3e05aba32259f3ed9a97680fa2bd47c6bf4 100644 (file)
--- a/crypto/ec/curve25519.c
+++ b/crypto/ec/curve25519.c
@@ -4639,7 +4639,6 @@ int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
  int ED25519_verify(const uint8_t *message, size_t message_len,
                     const uint8_t signature[64], const uint8_t public_key[32]) {
    ge_p3 A;
-  uint8_t pkcopy[32];
    uint8_t rcopy[32];
    uint8_t scopy[32];
    SHA512_CTX hash_ctx;
@@ -4655,7 +4654,6 @@ int ED25519_verify(const uint8_t *message, size_t message_len,
    fe_neg(A.X, A.X);
    fe_neg(A.T, A.T);
  
-  memcpy(pkcopy, public_key, 32);
    memcpy(rcopy, signature, 32);
    memcpy(scopy, signature + 32, 32);
  
@@ -4687,6 +4685,8 @@ void ED25519_public_from_private(uint8_t out_public_key[32],
  
    ge_scalarmult_base(&A, az);
    ge_p3_tobytes(out_public_key, &A);
+
+  OPENSSL_cleanse(az, sizeof(az));
  }
  
  int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32],
author	Bernd Edlinger <bernd.edlinger@hotmail.de>
	Thu, 24 Aug 2017 06:09:31 +0000 (08:09 +0200)
committer	Bernd Edlinger <bernd.edlinger@hotmail.de>
	Fri, 25 Aug 2017 14:36:21 +0000 (16:36 +0200)