From: slontis <shane.lontis@oracle.com>
Date: Thu, 22 Dec 2022 02:01:02 +0000 (+1000)
Subject: Cleanse internal BN_generate_dsa_nonce() buffers used to generate k.
X-Git-Tag: openssl-3.2.0-alpha1~1553
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=177d433bda2ffd287d676bc53b549b6c246973e6;p=thirdparty%2Fopenssl.git

Cleanse internal BN_generate_dsa_nonce() buffers used to generate k.

Fixes #9205

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19954)
---

diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index 46ace0744de..3b213d46c5c 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -318,7 +318,9 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
  err:
     EVP_MD_CTX_free(mdctx);
     EVP_MD_free(md);
-    OPENSSL_free(k_bytes);
+    OPENSSL_clear_free(k_bytes, num_k_bytes);
+    OPENSSL_cleanse(digest, sizeof(digest));
+    OPENSSL_cleanse(random_bytes, sizeof(random_bytes));
     OPENSSL_cleanse(private_bytes, sizeof(private_bytes));
     return ret;
 }