]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cc5dd4f) | patch
slh_dsa: cleanse generated add_random buffer
authorMounir IDRASSI <mounir.idrassi@idrix.fr>
Wed, 29 Apr 2026 11:21:51 +0000 (20:21 +0900)
committerNorbert Pocs <norbertp@openssl.org>
Sun, 3 May 2026 14:49:14 +0000 (16:49 +0200)
commit8780b5bcff9dc3be5c072bdb179ce975a0d05cfd
tree163820957d4ed14d9b153a81a58434f5171f10cctree | snapshot
parentcc5dd4ff66ff0cb000a15396620e9c00714d6f64commit | diff
slh_dsa: cleanse generated add_random buffer

Fix the inverted cleanse guard in the SLH DSA provider signing path.

When randomized signing populates the local add_rand buffer, the cleanup step currently skips that stack buffer. Other signing modes do not create this transient buffer, so they should not drive this cleanup. Swap the guard so only the transient per signature buffer is cleansed, and cleanse the full fixed size buffer directly.

Fixes #30950

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Sun May  3 14:49:20 2026
(Merged from https://github.com/openssl/openssl/pull/31029)
providers/implementations/signature/slh_dsa_sig.c diff | blob | blame | history
Mirror of https://github.com/openssl/openssl.git