Commit 04dec1ab authored by Dr. Stephen Henson

Clear sensitive data in ED25519_sign

parent 74e78361
+7 −1
@@ -4599,7 +4599,9 @@ int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
  uint8_t hram[SHA512_DIGEST_LENGTH];
  SHA512_CTX hash_ctx;

  SHA512(private_key, 32, az);
  SHA512_Init(&hash_ctx);
  SHA512_Update(&hash_ctx, private_key, 32);
  SHA512_Final(az, &hash_ctx);

  az[0] &= 248;
  az[31] &= 63;
@@ -4623,6 +4625,10 @@ int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
  x25519_sc_reduce(hram);
  sc_muladd(out_sig + 32, hram, az, nonce);

  OPENSSL_cleanse(&hash_ctx, sizeof(hash_ctx));
  OPENSSL_cleanse(nonce, sizeof(nonce));
  OPENSSL_cleanse(az, sizeof(az));

  return 1;
}
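Review bot: The new cleanup block before `return 1;` has no comment saying which locals are secret, so a reader cannot tell whether leaving `hram` uncleansed is deliberate or an oversight. I would add above the three calls something like `/* az: clamped secret scalar plus nonce prefix; nonce: per-signature secret; hash_ctx absorbed both. hram is left alone because it is derived from public values. */` — the hram part is my reading of the Ed25519 construction, since its computation is outside the hunk, so please confirm. The same comment would explain why the first hunk replaces the one-shot `SHA512()` with Init/Update/Final on the shared `hash_ctx`. The body of ED25519_sign between the two hunks is not visible here; if it contains any other exit path, that path would skip the cleanse and should be routed through this block.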