Commit 8780b5bcff for openssl.org
commit 8780b5bcff9dc3be5c072bdb179ce975a0d05cfd
Author: Mounir IDRASSI <mounir.idrassi@idrix.fr>
Date: Wed Apr 29 20:21:51 2026 +0900
slh_dsa: cleanse generated add_random buffer
Fix the inverted cleanse guard in the SLH DSA provider signing path.
When randomized signing populates the local add_rand buffer, the cleanup step currently skips that stack buffer. Other signing modes do not create this transient buffer, so they should not drive this cleanup. Swap the guard so only the transient per-signature buffer is cleansed, and cleanse the full fixed-size buffer directly.
Fixes #30950
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Sun May 3 14:49:20 2026
(Merged from https://github.com/openssl/openssl/pull/31029)
diff --git a/providers/implementations/signature/slh_dsa_sig.c b/providers/implementations/signature/slh_dsa_sig.c
index 421b75df20..fa315a7b84 100644
--- a/providers/implementations/signature/slh_dsa_sig.c
+++ b/providers/implementations/signature/slh_dsa_sig.c
@@ -241,8 +241,9 @@ static int slh_dsa_sign(void *vctx, unsigned char *sig, size_t *siglen,
ctx->context_string, ctx->context_string_len,
opt_rand, ctx->msg_encode,
sig, siglen, sigsize);
- if (opt_rand != add_rand)
- OPENSSL_cleanse(opt_rand, n);
+ /* Only cleanse the temporary buffer generated for this signature. */
+ if (opt_rand == add_rand)
+ OPENSSL_cleanse(add_rand, sizeof(add_rand));
return ret;
}
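Review bot: The new guard `if (opt_rand == add_rand)` before the cleanse could be dropped now that the call targets the local buffer by name. `OPENSSL_cleanse(add_rand, sizeof(add_rand))` is safe to run unconditionally, because wiping an unused stack buffer costs little and it removes the pointer comparison whose inversion caused this bug. If the guard is kept, note that `sizeof(add_rand)` is only the full buffer size while `add_rand` is declared as an array in this function. The declaration is outside the hunk, so a short comment or a compile-time check near it would protect against a later change to a pointer. It is also worth checking that any return path between filling `add_rand` and this `return ret;` (not shown here) reaches the same cleanse.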