Cleanse internal BN_generate_dsa_nonce() buffers used to generate k.

author slontis <shane.lontis@oracle.com>

Thu, 22 Dec 2022 02:01:02 +0000 (12:01 +1000)

committer Tomas Mraz <tomas@openssl.org>

Wed, 4 Jan 2023 15:33:47 +0000 (16:33 +0100)
author slontis <shane.lontis@oracle.com>
Thu, 22 Dec 2022 02:01:02 +0000 (12:01 +1000)
committer Tomas Mraz <tomas@openssl.org>
Wed, 4 Jan 2023 15:33:47 +0000 (16:33 +0100)
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c

index 46ace0744de3fa87d8f1a9c47e5eb9d5f10f9162..3b213d46c5c626fb06ce0ebbecca3ca436da3b1a 100644 (file)
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -318,7 +318,9 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
   err:
      EVP_MD_CTX_free(mdctx);
      EVP_MD_free(md);
-    OPENSSL_free(k_bytes);
+    OPENSSL_clear_free(k_bytes, num_k_bytes);
+    OPENSSL_cleanse(digest, sizeof(digest));
+    OPENSSL_cleanse(random_bytes, sizeof(random_bytes));
      OPENSSL_cleanse(private_bytes, sizeof(private_bytes));
      return ret;
  }
author	slontis <shane.lontis@oracle.com>
	Thu, 22 Dec 2022 02:01:02 +0000 (12:01 +1000)
committer	Tomas Mraz <tomas@openssl.org>
	Wed, 4 Jan 2023 15:33:47 +0000 (16:33 +0100)