Cleanse internal BN_generate_dsa_nonce() buffers used to generate k.

Fixes #9205 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19954) (cherry picked from commit 177d433bda2ffd287d676bc53b549b6c246973e6)
author: slontis <shane.lontis@oracle.com> 2022-12-22 12:01:02 +1000
committer: Tomas Mraz <tomas@openssl.org> 2023-01-04 16:35:02 +0100
commit: 7736379c5c046c6fec7d41369d307db4c8702eac (patch)
tree: 0869068468459f3879788a4d800da7f29529f940 /crypto
parent: 1bd53640a2a57be33dad74866fa7cdc59cc4101e (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index 05d4c6ecd7..d4d574a5c1 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -320,7 +320,9 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
  err:
     EVP_MD_CTX_free(mdctx);
     EVP_MD_free(md);
-    OPENSSL_free(k_bytes);
+    OPENSSL_clear_free(k_bytes, num_k_bytes);
+    OPENSSL_cleanse(digest, sizeof(digest));
+    OPENSSL_cleanse(random_bytes, sizeof(random_bytes));
     OPENSSL_cleanse(private_bytes, sizeof(private_bytes));
     return ret;
 }
author	slontis <shane.lontis@oracle.com>	2022-12-22 12:01:02 +1000
committer	Tomas Mraz <tomas@openssl.org>	2023-01-04 16:35:02 +0100
commit	7736379c5c046c6fec7d41369d307db4c8702eac (patch)
tree	0869068468459f3879788a4d800da7f29529f940 /crypto
parent	1bd53640a2a57be33dad74866fa7cdc59cc4101e (diff)