From: Dr. Stephen Henson <steve@openssl.org>
Date: Sat, 13 Feb 2016 02:27:33 +0000 (+0000)
Subject: Free and zero DH/ECDH temporary key after use.
X-Git-Tag: OpenSSL_1_1_0-pre3~38
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5b326dc529e19194feaef9a65fa37efbe11eaa7e;p=thirdparty%2Fopenssl.git

Free and zero DH/ECDH temporary key after use.

PR#4303

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
---

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 4d40d0f9f39..e4c018a9db1 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2360,6 +2360,8 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
 
         EVP_PKEY_free(ckey);
         ckey = NULL;
+        EVP_PKEY_free(s->s3->tmp.pkey);
+        s->s3->tmp.pkey = NULL;
 
     } else
 #endif
@@ -2412,6 +2414,8 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
 
         EVP_PKEY_free(ckey);
         ckey = NULL;
+        EVP_PKEY_free(s->s3->tmp.pkey);
+        s->s3->tmp.pkey = NULL;
 
         return MSG_PROCESS_CONTINUE_PROCESSING;
     } else