X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fdsa%2Fdsa_key.c;h=831c2b1d9b63b81fc44bfcd48be75f70bf205648;hp=ff01deca4a6f7ecf5460850e18dcbcb42636e906;hb=895ffe41c2c7ed11f2362cbc59ed7070a4f1fe10;hpb=23a1d5e97cd543d2b8e1b01dbf0f619b2e5ce540

diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c
index ff01deca4a..831c2b1d9b 100644
--- a/crypto/dsa/dsa_key.c
+++ b/crypto/dsa/dsa_key.c
@@ -1,4 +1,3 @@
-/* crypto/dsa/dsa_key.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -58,7 +57,7 @@
 
 #include <stdio.h>
 #include <time.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
@@ -82,7 +81,7 @@ static int dsa_builtin_keygen(DSA *dsa)
         goto err;
 
     if (dsa->priv_key == NULL) {
-        if ((priv_key = BN_new()) == NULL)
+        if ((priv_key = BN_secure_new()) == NULL)
             goto err;
     } else
         priv_key = dsa->priv_key;
@@ -104,16 +103,18 @@ static int dsa_builtin_keygen(DSA *dsa)
 
         if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
             local_prk = prk = BN_new();
-            if (!local_prk)
+            if (local_prk == NULL)
                 goto err;
             BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
-        } else
+        } else {
             prk = priv_key;
+        }
 
         if (!BN_mod_exp(pub_key, dsa->g, prk, dsa->p, ctx)) {
             BN_free(local_prk);
             goto err;
         }
+        /* We MUST free local_prk before any further use of priv_key */
         BN_free(local_prk);
     }