authorRyanSquared <ryan@hashbang.sh>2024-01-26 00:58:25 -0500
committerRyanSquared <ryan@hashbang.sh>2024-01-26 01:06:51 -0500
commit7b0f36a235ddaae7217fa158d13f27df9dfe9b36 (patch)
treecd505e8c3413af657416fb29bd8eb13aac4cb31b
parent276aab39514c51d68b41b898631deb53ecf96bd4 (diff)
openpgp: Zero the stack after nettle's ed25519::public_keyryan/zero-stack-ed25519-pubkey
- libgmp, a dependency of nettle, does not appropriately zero the input after calling `mpn_mul_n`. Because of this, it is possible for an ed25519 private key to be kept on the stack. This only occurs on some systems and may depend on the optimization of the compiler building libgmp. - Fixes #1080.
-rw-r--r--openpgp/src/crypto/backend/nettle/asymmetric.rs4
1 files changed, 3 insertions, 1 deletions
diff --git a/openpgp/src/crypto/backend/nettle/asymmetric.rs b/openpgp/src/crypto/backend/nettle/asymmetric.rs
index 405074a0..ac679146 100644
--- a/openpgp/src/crypto/backend/nettle/asymmetric.rs
+++ b/openpgp/src/crypto/backend/nettle/asymmetric.rs
@@ -74,7 +74,9 @@ impl Asymmetric for super::Backend {
fn ed25519_derive_public(secret: &Protected) -> Result<[u8; 32]> {
debug_assert_eq!(ed25519::ED25519_KEY_SIZE, 32);
let mut public = [0; 32];
- ed25519::public_key(&mut public, secret)?;
+ zero_stack!(2048 bytes after running {
+ ed25519::public_key(&mut public, secret)
+ })?;
Ok(public)
}
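Review bot: The `2048 bytes` given to `zero_stack!` in `ed25519_derive_public` is an unexplained constant, and nothing at the call site says why the stack is scrubbed here. The commit message says the leak depends on the system and on how libgmp was compiled, so the amount of stack that nettle and `mpn_mul_n` dirty is not fixed, and the figure needs a comment recording how it was chosen, e.g. `// libgmp's mpn_mul_n can leave secret-key material on the stack (#1080); 2048 bytes is assumed to cover nettle's frames, re-check when the backend or its build changes.` Because `?` sits outside the macro block, the scrub presumably also runs when `public_key` fails, but that depends on the macro definition, which is not visible in this hunk. Other secret-key operations in this backend that may reach the same libgmp routine (signing, for instance) are not shown here and are worth checking for the same treatment.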