Context: During signature generation, we gradually write information into the output signature buffer, and even use it as a scratch pad.
Issue: The signature buffer is user-provided and must be treated as untrusted memory; e.g. imagine an untrusted process calling a separate trusted signing process and asking it to write the signature into a dedicated shared buffer. Anything written to that buffer, even transiently, is visible to the caller, so we need to make sure that no sensitive information (key material or secret intermediate values) is leaked into the signature buffer at any point during signing.
Task:
Audit the signing code path for writes of sensitive temporary data into the signature buffer. In case we find that we do write such data there, this must be explicitly stated in the public API (e.g. in the function's documentation), so that the caller can have the signature written to a private buffer and copy it to the shared location afterwards; alternatively, keep the sensitive intermediates in private scratch memory that is zeroized after use, so that the only thing ever written to the caller's buffer is the final signature.
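To make the concern concrete, here is an added C sketch that is not code from this project: it contrasts a signing routine that uses the output buffer as scratch space with one that keeps the secret intermediate in private memory. A toy, non-cryptographic keyed hash (`toy_prf`) stands in for the real primitives, the `observer_fn` callback models the untrusted process reading the shared buffer between steps, and all names (`sign_scratch_in_output`, `sign_private_scratch`, `buffer_exposes_secret`) and the sample key/message are hypothetical and constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define KEY_LEN 16
#define SIG_LEN 16

/* Stand-in for the untrusted process sharing the output buffer: the signer
 * calls it between its steps, i.e. at a moment a concurrent reader could
 * copy the buffer. */
typedef void (*observer_fn)(const uint8_t *buf, size_t len, void *ctx);

static uint64_t load64(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return v; }
static void store64(uint8_t *p, uint64_t v) { memcpy(p, &v, 8); }

/* Toy keyed 64-bit FNV-1a. NOT cryptographic; it only stands in for the real
 * hash/PRF so that the buffer-handling difference can be exercised offline. */
static uint64_t toy_prf(uint64_t key, const uint8_t *msg, size_t len) {
    uint64_t h = key ^ 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < len; i++) { h ^= msg[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* Zeroization through a volatile pointer so the compiler cannot drop it. */
static void secure_zero(void *p, size_t n) {
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

/* Step 1: derive a per-message secret from the long-term key. In this toy
 * scheme the derived value is as sensitive as the key itself. */
static void derive_secret(const uint8_t *key, const uint8_t *msg, size_t len,
                          uint8_t *secret) {
    store64(secret,     toy_prf(load64(key),     msg, len));
    store64(secret + 8, toy_prf(load64(key + 8), msg, len));
}

/* Step 2: the public signature is computed from the per-message secret.
 * Both inputs are read before anything is written, so secret may alias sig. */
static void finalize(const uint8_t *secret, const uint8_t *msg, size_t len,
                     uint8_t *sig) {
    uint64_t a = toy_prf(load64(secret),     msg, len);
    uint64_t b = toy_prf(load64(secret + 8), msg, len);
    store64(sig, a);
    store64(sig + 8, b);
}

typedef void (*sign_fn)(const uint8_t *, const uint8_t *, size_t, uint8_t *,
                        observer_fn, void *);

/* The pattern the issue describes: sig[] doubles as scratch space, so the
 * per-message secret sits in the shared buffer until step 2 overwrites it.
 * If this is kept, the API must say so. */
static void sign_scratch_in_output(const uint8_t *key, const uint8_t *msg,
                                   size_t len, uint8_t *sig,
                                   observer_fn observe, void *ctx) {
    derive_secret(key, msg, len, sig);   /* secret now lives in the caller's buffer */
    if (observe) observe(sig, SIG_LEN, ctx);
    finalize(sig, msg, len, sig);        /* reads it back, then overwrites it */
}

/* Fixed version: the secret never touches the caller's buffer; the only
 * write to sig[] is the final signature, and the scratch is zeroized. */
static void sign_private_scratch(const uint8_t *key, const uint8_t *msg,
                                 size_t len, uint8_t *sig,
                                 observer_fn observe, void *ctx) {
    uint8_t secret[SIG_LEN];
    derive_secret(key, msg, len, secret);
    if (observe) observe(sig, SIG_LEN, ctx);
    finalize(secret, msg, len, sig);
    secure_zero(secret, sizeof secret);
}

/* Observer that copies whatever is in the shared buffer at that moment. */
static void snapshot_observer(const uint8_t *buf, size_t len, void *ctx) {
    memcpy(ctx, buf, len);
}

/* Returns 1 if a reader of the output buffer could recover the per-message
 * secret while `signer` ran, 0 otherwise; the final signature is left in
 * sig_out so the two implementations can be compared. */
static int buffer_exposes_secret(sign_fn signer, uint8_t *sig_out) {
    /* Constructed sample inputs for the example, not real key material. */
    static const uint8_t key[KEY_LEN] = { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
                                          0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff };
    static const uint8_t msg[] = "transfer 100 to account 42";
    uint8_t expected_secret[SIG_LEN], snapshot[SIG_LEN];
    derive_secret(key, msg, sizeof msg - 1, expected_secret);
    memset(sig_out, 0, SIG_LEN);
    signer(key, msg, sizeof msg - 1, sig_out, snapshot_observer, snapshot);
    int exposed = memcmp(snapshot, expected_secret, SIG_LEN) == 0;
    secure_zero(expected_secret, sizeof expected_secret);
    secure_zero(snapshot, sizeof snapshot);
    return exposed;
}

int main(void) {
    uint8_t a[SIG_LEN], b[SIG_LEN];
    printf("scratch-in-output exposes secret: %d\n", buffer_exposes_secret(sign_scratch_in_output, a));
    printf("private-scratch exposes secret:   %d\n", buffer_exposes_secret(sign_private_scratch, b));
    printf("both variants produce the same signature: %d\n", memcmp(a, b, SIG_LEN) == 0);
    return 0;
}
```

The observer hook is only a test aid; in the real setting the "observer" is the other process reading shared memory, which needs no cooperation from the signer. Note that `sign_private_scratch` still has the secret on the stack for the duration of the call, so the zeroization at the end is part of the fix, not an optional nicety.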