[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Rich Salz rsalz at openssl.org
Tue Nov 8 22:42:31 UTC 2016

The branch OpenSSL_1_1_0-stable has been updated
       via  1bb02559e39cf53ef74656b1965771befcece36a (commit)
      from  cafe1c7abebad0897fef8710ba3db4dc5b4402d2 (commit)

- Log -----------------------------------------------------------------
commit 1bb02559e39cf53ef74656b1965771befcece36a
Author: Rich Salz <rsalz at openssl.org>
Date:   Tue Nov 8 15:56:04 2016 -0500

    Zero stack variable with DSA nonce
    Thanks to Falko Strenzke for bringing this to our attention.
    Reviewed-by: Andy Polyakov <appro at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/1882)
    (cherry picked from commit e5e71f2857275189577ab7b227608ab4ec985471)


Summary of changes:
 crypto/bn/bn_rand.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index c577fd1..9ce4c5f 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -253,5 +253,6 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
+    OPENSSL_cleanse(private_bytes, sizeof(private_bytes));
     return ret;

More information about the openssl-commits mailing list