openssl-1_1/openssl-s390x-assembly-pack-cleanse-only-sensitive-fields.patch

42 lines
1.3 KiB
Diff
Raw Normal View History

From 2281be2ed4a7df462677661d30b13826ae6b3e26 Mon Sep 17 00:00:00 2001
From: Patrick Steuer <patrick.steuer@de.ibm.com>
Date: Tue, 24 Sep 2019 14:44:27 +0200
Subject: [PATCH 09530/10000] s390x assembly pack: cleanse only sensitive
fields
of instruction parameter blocks.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10004)
---
crypto/ec/ecp_s390x_nistp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/ec/ecp_s390x_nistp.c b/crypto/ec/ecp_s390x_nistp.c
index be81f0b8f0..9533698b0f 100644
--- a/crypto/ec/ecp_s390x_nistp.c
+++ b/crypto/ec/ecp_s390x_nistp.c
@@ -110,7 +110,7 @@ ret:
/* Otherwise use default. */
if (rc == -1)
rc = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
- OPENSSL_cleanse(param, sizeof(param));
+ OPENSSL_cleanse(param + S390X_OFF_SCALAR(len), len);
BN_CTX_end(ctx);
BN_CTX_free(new_ctx);
return rc;
@@ -203,7 +203,7 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign_sig(const unsigned char *dgst,
ok = 1;
ret:
- OPENSSL_cleanse(param, sizeof(param));
+ OPENSSL_cleanse(param + S390X_OFF_K(len), 2 * len);
if (ok != 1) {
ECDSA_SIG_free(sig);
sig = NULL;
--
2.24.0