From 2a2fe5618945c5b44fe33d509e7feccce27b1375 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Tue, 11 Oct 2022 14:02:29 +0200
Subject: [PATCH] scalarmult(): don't use the output as a temporary buffer

So that application can use the same pointer for the public key and the shared secret.
---
.../crypto_scalarmult/curve25519/ref10/x25519_ref10.c | 4 +++-
.../crypto_scalarmult/curve25519/sandy2x/curve25519_sandy2x.c | 4 +++-
2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.c b/src/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.c
index 9eaf0235..d2989228 100644
--- a/src/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.c
+++ b/src/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.c
@@ -74,7 +74,7 @@ crypto_scalarmult_curve25519_ref10(unsigned char *q,
 const unsigned char *n,
 const unsigned char *p)
 {
- unsigned char *t = q;
+ unsigned char t[32];
 unsigned int i;
 fe25519 x1;
 fe25519 x2;
@@ -136,6 +136,8 @@ crypto_scalarmult_curve25519_ref10(unsigned char *q,
 fe25519_mul(x2, x2, z2);
 fe25519_tobytes(q, x2);
+ sodium_memzero(t, sizeof t);
+
 return 0;
 }
diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/curve25519_sandy2x.c b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/curve25519_sandy2x.c
index 0f8f8b13..74207591 100644
--- a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/curve25519_sandy2x.c
+++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/curve25519_sandy2x.c
@@ -24,7 +24,7 @@ static int
 crypto_scalarmult_curve25519_sandy2x(unsigned char *q, const unsigned char *n,
 const unsigned char *p)
 {
- unsigned char *t = q;
+ unsigned char t[32];
 fe var[3];
 fe51 x_51;
 fe51 z_51;
@@ -57,6 +57,8 @@ crypto_scalarmult_curve25519_sandy2x(unsigned char *q, const unsigned char *n,
 fe51_mul(&x_51, &x_51, &z_51);
 fe51_pack(q, &x_51);
+ sodium_memzero(t, sizeof t);
+
 return 0;
 }
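Review bot: The new `unsigned char t[32];` in the ref10 declaration hunk turns t from an alias of the output q into a stack-resident copy of the secret scalar, and nothing at the declaration says so or why the size is 32. A one-line comment would spare the next reader a trip to the code that fills and clamps t, which lies outside this hunk: `unsigned char t[32]; /* clamped copy of the secret scalar n; no longer aliases q, wiped before return */`. If `crypto_scalarmult_curve25519_SCALARBYTES` is in scope in this file, `unsigned char t[crypto_scalarmult_curve25519_SCALARBYTES];` would tie the size to the API constant, although if the surrounding copy loop uses the literal 32, matching that local convention is also defensible. The rest of crypto_scalarmult_curve25519_ref10's body is outside the hunk.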
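Review bot: In the ref10 tail hunk, `fe25519_tobytes(q, x2);` is now, as far as the hunk shows, the only write to the output, and that is precisely what makes q safe to alias the public key p (the commit's stated purpose), yet nothing in the code records that contract, so a future reuse of q as scratch space could silently reintroduce the bug. Suggest a comment on that line, to be checked against the parts of the function outside this hunk: `/* First and only write to q: callers may pass q == p (or q == n); both were fully consumed above */`. The added `sodium_memzero(t, sizeof t);` runs only on this success path; if an error return exists between the clamping of t and this point, the clamped scalar would remain on the stack on that path, which is new exposure since t previously aliased q and was overwritten by the result. The function body starts outside the hunk.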
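Review bot: In the sandy2x tail hunk, `sodium_memzero(t, sizeof t);` wipes the scalar copy, but the ladder state in `var` (declared as `fe var[3];` in the earlier hunk of this file) and `z_51` also remain on the stack after `fe51_pack(q, &x_51);`, and the commit gives no comment stating whether wiping t alone is the intended scope. If those temporaries are secret-dependent (their use is outside this hunk), `sodium_memzero(var, sizeof var);` next to the existing call would be cheap; if the intent is only to restore the pre-change footprint, where t was overwritten in place by the result, a comment such as `/* t is now a stack copy of the clamped scalar (it no longer aliases q), so wipe it */` should say so. The function continues outside the hunk.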