From: Rich Salz <rsalz@openssl.org>
Date: Tue, 8 Nov 2016 20:56:04 +0000 (-0500)
Subject: Zero stack variable with DSA nonce
X-Git-Tag: OpenSSL_1_1_1-pre1~3161
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=e5e71f2857275189577ab7b227608ab4ec985471

Zero stack variable with DSA nonce

Thanks to Falko Strenzke for bringing this to our attention.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1882)
---

diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index c577fd169d..9ce4c5f606 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -253,5 +253,6 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
 
  err:
     OPENSSL_free(k_bytes);
+    OPENSSL_cleanse(private_bytes, sizeof(private_bytes));
     return ret;
 }