diff options
author | Neil Horman <nhorman@openssl.org> | 2024-01-01 09:25:03 -0500 |
---|---|---|
committer | Neil Horman <nhorman@openssl.org> | 2024-01-03 12:42:01 -0500 |
commit | 8b9cf1bc2c3085b6e9493a057209ffd0bddf48a6 (patch) | |
tree | ec0b8594a5e4e2445d603220e7ae243e7bf9c666 /providers | |
parent | 6fd37948144b9f0702260fc4aae6bff325e34132 (diff) |
cleanse stack variable in blake2[b|s] finalization
If the output of a blake2[b|s] digest isn't a multipl of 8, then a stack
buffer is used to compute the final output, which is left un-zeroed
prior to return, allowing the potential leak of key data. Ensure that,
if the stack variable is used, it gets cleared prior to return.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23173)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/implementations/digests/blake2b_prov.c | 4 | ||||
-rw-r--r-- | providers/implementations/digests/blake2s_prov.c | 4 |
2 files changed, 6 insertions, 2 deletions
diff --git a/providers/implementations/digests/blake2b_prov.c b/providers/implementations/digests/blake2b_prov.c index 970549ed0c..a8b0848234 100644 --- a/providers/implementations/digests/blake2b_prov.c +++ b/providers/implementations/digests/blake2b_prov.c @@ -324,8 +324,10 @@ int ossl_blake2b_final(unsigned char *md, BLAKE2B_CTX *c) for (i = 0; i < iter; ++i) store64(target + sizeof(c->h[i]) * i, c->h[i]); - if (target != md) + if (target != md) { memcpy(md, target, c->outlen); + OPENSSL_cleanse(target, sizeof(outbuffer)); + } OPENSSL_cleanse(c, sizeof(BLAKE2B_CTX)); return 1; diff --git a/providers/implementations/digests/blake2s_prov.c b/providers/implementations/digests/blake2s_prov.c index a9a8f9d048..e43f78aaa7 100644 --- a/providers/implementations/digests/blake2s_prov.c +++ b/providers/implementations/digests/blake2s_prov.c @@ -314,8 +314,10 @@ int ossl_blake2s_final(unsigned char *md, BLAKE2S_CTX *c) for (i = 0; i < iter; ++i) store32(target + sizeof(c->h[i]) * i, c->h[i]); - if (target != md) + if (target != md) { memcpy(md, target, c->outlen); + OPENSSL_cleanse(target, sizeof(outbuffer)); + } OPENSSL_cleanse(c, sizeof(BLAKE2S_CTX)); return 1; |