Description
Component: ssl/tls_srp.c SRP server path
Summary: In ssl_srp_server_param_with_username_intern, s->srp_ctx.b is allocated from random bytes and left resident if SRP_Calc_B_ex fails. The function returns SSL3_AL_FATAL without clearing or freeing b. Cleanup paths also use BN_free for sensitive BIGNUMs, not BN_clear_free.
Impact: Ephemeral SRP secret material can persist in heap memory and be exposed via core dumps or heap disclosure during server SRP handshake.
Affected code:
Allocation of b then immediate call to SRP_Calc_B_ex, early return on error without clearing b.
ssl_srp_ctx_free_intern and ssl_ctx_srp_ctx_free_intern use BN_free on a, b, v (and s).
Expected behavior: Secret BIGNUMs are wiped on error and at teardown.
Actual behavior: b is not cleared on the error path and secrets are freed without wiping.
Repro (one way): Build with SRP enabled, trigger SRP_Calc_B_ex to return NULL by providing invalid SRP params on the server. Observe that s->srp_ctx.b remains allocated until later teardown and is freed with BN_free.
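The expected behavior described in this report, sketched as an added example that is not OpenSSL code: it models the SRP context with plain byte buffers instead of BIGNUMs, and `srp_model`, `secret_clear_free`, `calc_B`, `server_param` and `ctx_teardown` are hypothetical names. The error path and the teardown both wipe the ephemeral secret before releasing it, which is what `BN_clear_free` would do in place of `BN_free`.

```c
#include <stdlib.h>
#include <string.h>
#define SECRET_LEN 32   /* constructed size for this model */

/* Hypothetical stand-in for the SRP context: b is the ephemeral secret. */
struct srp_model { unsigned char *b; size_t b_len; unsigned char *B; };

/* Wipe through a volatile pointer so the stores are not optimized away. */
static void secure_wipe(void *p, size_t len) {
    volatile unsigned char *vp = p;
    while (len--) *vp++ = 0;
}
/* Models BN_clear_free: wipe, free, and drop the pointer. */
static void secret_clear_free(unsigned char **p, size_t len) {
    if (*p == NULL) return;
    secure_wipe(*p, len);
    free(*p);
    *p = NULL;
}
/* Stand-in for the public-value computation; fails on invalid parameters. */
static unsigned char *calc_B(const unsigned char *b, size_t len, int params_ok) {
    unsigned char *out = params_ok ? malloc(len) : NULL;
    for (size_t i = 0; out != NULL && i < len; i++)
        out[i] = (unsigned char)(b[i] ^ 0x5a);   /* placeholder math */
    return out;
}
/* Returns 0 on success, -1 on failure; on failure no secret stays resident. */
static int server_param(struct srp_model *ctx, const unsigned char *rnd, int params_ok) {
    secret_clear_free(&ctx->b, ctx->b_len);      /* drop any earlier secret */
    if ((ctx->b = malloc(SECRET_LEN)) == NULL) return -1;
    ctx->b_len = SECRET_LEN;
    memcpy(ctx->b, rnd, SECRET_LEN);
    free(ctx->B);
    ctx->B = calc_B(ctx->b, ctx->b_len, params_ok);
    if (ctx->B == NULL) secret_clear_free(&ctx->b, ctx->b_len); /* error path: wipe first */
    return ctx->B == NULL ? -1 : 0;
}
/* Teardown wipes the secret as well, rather than a plain free. */
static void ctx_teardown(struct srp_model *ctx) {
    secret_clear_free(&ctx->b, ctx->b_len);
    free(ctx->B); ctx->B = NULL;
}

int main(void) {
    unsigned char rnd[SECRET_LEN] = {0x11};      /* constructed input */
    struct srp_model ctx = {0};
    int rc = server_param(&ctx, rnd, 0);         /* invalid parameters */
    int ok = (rc == -1 && ctx.b == NULL);
    ctx_teardown(&ctx);
    return ok ? 0 : 1;
}
```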