Fix leak of secrecy in ecdh_compute_key()

A temporary buffer containing g^xy was not cleared in ecdh_compute_key() before freeing it, so the shared secret was leaked in memory. Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
author: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> 2016-10-16 00:53:33 +0200
committer: Matt Caswell <matt@openssl.org> 2016-10-25 22:04:36 +0100
commit: 0e4690165b4beb6777b747b0aeb1646a301f41d9 (patch)
tree: 492728b4185dfa2f638b1c7aa4d01acf97002a4f /crypto
parent: 3ade92e785bb3777c92332f88e23f6ce906ee260 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c
index df115cc262..d3b05247fe 100644
--- a/crypto/ecdh/ech_ossl.c
+++ b/crypto/ecdh/ech_ossl.c
@@ -212,7 +212,9 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
         BN_CTX_end(ctx);
     if (ctx)
         BN_CTX_free(ctx);
-    if (buf)
+    if (buf) {
+        OPENSSL_cleanse(buf, buflen);
         OPENSSL_free(buf);
+    }
     return (ret);
 }
author	Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>	2016-10-16 00:53:33 +0200
committer	Matt Caswell <matt@openssl.org>	2016-10-25 22:04:36 +0100
commit	0e4690165b4beb6777b747b0aeb1646a301f41d9 (patch)
tree	492728b4185dfa2f638b1c7aa4d01acf97002a4f /crypto
parent	3ade92e785bb3777c92332f88e23f6ce906ee260 (diff)