[openssl-commits] [openssl] master update

bernd.edlinger at hotmail.de bernd.edlinger at hotmail.de
Fri Aug 25 14:37:35 UTC 2017 

The branch master has been updated
       via  3790a2f697985885821873e18c366690eba03e20 (commit)
       via  78f1e4d0b063e17c9700f2aceecaca03bfa434f3 (commit)
      from  bf208d9501b7b367da55236a418e6c3e09bf5877 (commit)


- Log -----------------------------------------------------------------
commit 3790a2f697985885821873e18c366690eba03e20
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date:   Thu Aug 24 08:09:31 2017 +0200

    Clear secret stack values after use in the ED25519-functions
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/4242)

commit 78f1e4d0b063e17c9700f2aceecaca03bfa434f3
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date:   Thu Aug 24 07:53:13 2017 +0200

    Clear secret stack values after use in curve25519.c
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/4242)

-----------------------------------------------------------------------

Summary of changes:
 crypto/ec/curve25519.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/crypto/ec/curve25519.c b/crypto/ec/curve25519.c
index e467eef..8002b3e 100644
--- a/crypto/ec/curve25519.c
+++ b/crypto/ec/curve25519.c
@@ -3448,6 +3448,8 @@ static void ge_scalarmult_base(ge_p3 *h, const uint8_t *a) {
     ge_madd(&r, h, &t);
     ge_p1p1_to_p3(h, &r);
   }
+
+  OPENSSL_cleanse(e, sizeof(e));
 }
 
 /* Replace (f,g) with (g,f) if b == 1;
@@ -3578,6 +3580,8 @@ static void x25519_scalar_mult_generic(uint8_t out[32],
   fe_invert(z2, z2);
   fe_mul(x2, x2, z2);
   fe_tobytes(out, x2);
+
+  OPENSSL_cleanse(e, sizeof(e));
 }
 
 static void x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32],
@@ -4635,7 +4639,6 @@ int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
 int ED25519_verify(const uint8_t *message, size_t message_len,
                    const uint8_t signature[64], const uint8_t public_key[32]) {
   ge_p3 A;
-  uint8_t pkcopy[32];
   uint8_t rcopy[32];
   uint8_t scopy[32];
   SHA512_CTX hash_ctx;
@@ -4651,7 +4654,6 @@ int ED25519_verify(const uint8_t *message, size_t message_len,
   fe_neg(A.X, A.X);
   fe_neg(A.T, A.T);
 
-  memcpy(pkcopy, public_key, 32);
   memcpy(rcopy, signature, 32);
   memcpy(scopy, signature + 32, 32);
 
@@ -4683,6 +4685,8 @@ void ED25519_public_from_private(uint8_t out_public_key[32],
 
   ge_scalarmult_base(&A, az);
   ge_p3_tobytes(out_public_key, &A);
+
+  OPENSSL_cleanse(az, sizeof(az));
 }
 
 int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32],
@@ -4713,4 +4717,6 @@ void X25519_public_from_private(uint8_t out_public_value[32],
   fe_invert(zminusy_inv, zminusy);
   fe_mul(zplusy, zplusy, zminusy_inv);
   fe_tobytes(out_public_value, zplusy);
+
+  OPENSSL_cleanse(e, sizeof(e));
 }

More information about the openssl-commits mailing list