[openssl/openssl] 580139: cleanse stack variable in blake2[b|s] finalization

Neil Horman noreply at github.com
Wed Jan 3 17:57:50 UTC 2024


  Branch: refs/heads/openssl-3.1
  Home:   https://github.com/openssl/openssl
  Commit: 58013938ff0ffc2df1c5d89e7b28a25bd4f741b4
      https://github.com/openssl/openssl/commit/58013938ff0ffc2df1c5d89e7b28a25bd4f741b4
  Author: Neil Horman <nhorman at openssl.org>
  Date:   2024-01-03 (Wed, 03 Jan 2024)

  Changed paths:
    M providers/implementations/digests/blake2b_prov.c
    M providers/implementations/digests/blake2s_prov.c

  Log Message:
  -----------
  cleanse stack variable in blake2[b|s] finalization

If the output of a blake2[b|s] digest isn't a multipl of 8, then a stack
buffer is used to compute the final output, which is left un-zeroed
prior to return, allowing the potential leak of key data.  Ensure that,
if the stack variable is used, it gets cleared prior to return.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23173)

(cherry picked from commit 8b9cf1bc2c3085b6e9493a057209ffd0bddf48a6)




More information about the openssl-commits mailing list