Zero stack variable with DSA nonce
authorRich Salz <rsalz@openssl.org>
Tue, 8 Nov 2016 20:56:04 +0000 (15:56 -0500)
committerRich Salz <rsalz@openssl.org>
Tue, 8 Nov 2016 22:20:13 +0000 (17:20 -0500)
Thanks to Falko Strenzke for bringing this to our attention.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1882)

crypto/bn/bn_rand.c

index c577fd169d63670527107d2963acc275e4d7a789..9ce4c5f6064515dae98dfb67ab6ff081556781bb 100644 (file)
@@ -253,5 +253,6 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
 
  err:
     OPENSSL_free(k_bytes);
+    OPENSSL_cleanse(private_bytes, sizeof(private_bytes));
     return ret;
 }