From: Mounir IDRASSI Date: Wed, 29 Apr 2026 11:21:51 +0000 (+0900) Subject: slh_dsa: cleanse generated add_random buffer X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8780b5bcff9dc3be5c072bdb179ce975a0d05cfd;p=thirdparty%2Fopenssl.git slh_dsa: cleanse generated add_random buffer Fix the inverted cleanse guard in the SLH DSA provider signing path. When randomized signing populates the local add_rand buffer, the cleanup step currently skips that stack buffer. Other signing modes do not create this transient buffer, so they should not drive this cleanup. Swap the guard so only the transient per signature buffer is cleansed, and cleanse the full fixed size buffer directly. Fixes #30950 Reviewed-by: Shane Lontis Reviewed-by: Paul Dale MergeDate: Sun May 3 14:49:20 2026 (Merged from https://github.com/openssl/openssl/pull/31029) --- diff --git a/providers/implementations/signature/slh_dsa_sig.c b/providers/implementations/signature/slh_dsa_sig.c index 421b75df20a..fa315a7b84a 100644 --- a/providers/implementations/signature/slh_dsa_sig.c +++ b/providers/implementations/signature/slh_dsa_sig.c @@ -241,8 +241,9 @@ static int slh_dsa_sign(void *vctx, unsigned char *sig, size_t *siglen, ctx->context_string, ctx->context_string_len, opt_rand, ctx->msg_encode, sig, siglen, sigsize); - if (opt_rand != add_rand) - OPENSSL_cleanse(opt_rand, n); + /* Only cleanse the temporary buffer generated for this signature. */ + if (opt_rand == add_rand) + OPENSSL_cleanse(add_rand, sizeof(add_rand)); return ret; }
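Review bot: The `if (opt_rand == add_rand)` guard before the cleanse in slh_dsa_sign is not needed for correctness, and it is the same kind of condition that was inverted before this fix. The commit message describes add_rand as a local, fixed-size stack buffer, so calling `OPENSSL_cleanse(add_rand, sizeof(add_rand));` unconditionally before `return ret;` would be harmless in the signing modes that never fill it, and it leaves no condition to get wrong again. If the guard stays, note that `sizeof(add_rand)` is only the full buffer size while add_rand is declared as an array in this function; the declaration is outside the visible hunk, so confirm it is not a pointer. The hunk also shows only the cleanup immediately before the final return, so it is worth checking that no earlier return in the function exits after add_rand has been populated.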