More secure storage of key material.

[openssl.git] / crypto / dh / dh_ameth.c

diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index 98f8570a2f43bf75277c64f5a2bdf01d024f3df8..efb3d805e84898ed481ba1be3e7d4df8dbdbdf11 100644 (file)
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -228,7 +228,8 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
         goto decerr;
 
     /* We have parameters now set private key */
-    if ((dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL)) == NULL) {
+    if ((dh->priv_key = BN_secure_new()) == NULL
+        || !ASN1_INTEGER_to_BN(privkey, dh->priv_key)) {
         DHerr(DH_F_DH_PRIV_DECODE, DH_R_BN_ERROR);
         goto dherr;
     }