Commit e5e71f28 authored by Rich Salz's avatar Rich Salz
Browse files

Zero stack variable with DSA nonce 



Thanks to Falko Strenzke for bringing this to our attention.

Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1882)
parent 513d76f4

crypto/bn/bn_rand.c

+1 −0
Original line number Diff line number Diff line
@@ -253,5 +253,6 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, 


 err:

    OPENSSL_free(k_bytes);

    OPENSSL_cleanse(private_bytes, sizeof(private_bytes));

    return ret;

}