Zero stack variable with DSA nonce

Thanks to Falko Strenzke for bringing this to our attention. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1882)
author: Rich Salz <rsalz@openssl.org> 2016-11-08 21:56:04 +0100
committer: Rich Salz <rsalz@openssl.org> 2016-11-08 23:20:13 +0100
commit: e5e71f2857275189577ab7b227608ab4ec985471 (patch)
tree: d201da7627b2cea2fa5e60562f0e3d33991f65ef /crypto/bn
parent: Fix zlib BIO_METHOD for latest BIO_METHOD structure changes (diff)
download: openssl-e5e71f2857275189577ab7b227608ab4ec985471.tar.xz
openssl-e5e71f2857275189577ab7b227608ab4ec985471.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index c577fd169d..9ce4c5f606 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -253,5 +253,6 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
 
  err:
     OPENSSL_free(k_bytes);
+    OPENSSL_cleanse(private_bytes, sizeof(private_bytes));
     return ret;
 }
author	Rich Salz <rsalz@openssl.org>	2016-11-08 21:56:04 +0100
committer	Rich Salz <rsalz@openssl.org>	2016-11-08 23:20:13 +0100
commit	e5e71f2857275189577ab7b227608ab4ec985471 (patch)
tree	d201da7627b2cea2fa5e60562f0e3d33991f65ef /crypto/bn
parent	Fix zlib BIO_METHOD for latest BIO_METHOD structure changes (diff)
download	openssl-e5e71f2857275189577ab7b227608ab4ec985471.tar.xz openssl-e5e71f2857275189577ab7b227608ab4ec985471.zip