goto decerr;
/* We have parameters now set private key */
- if ((dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL)) == NULL) {
+ if ((dh->priv_key = BN_secure_new()) == NULL
+ || !ASN1_INTEGER_to_BN(privkey, dh->priv_key)) {
DHerr(DH_F_DH_PRIV_DECODE, DH_R_BN_ERROR);
goto dherr;
}