Free and zero DH/ECDH temporary key after use.
authorDr. Stephen Henson <steve@openssl.org>
Sat, 13 Feb 2016 02:27:33 +0000 (02:27 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sat, 13 Feb 2016 13:17:08 +0000 (13:17 +0000)
PR#4303

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
ssl/statem/statem_srvr.c

index 4d40d0f..e4c018a 100644 (file)
@@ -2360,6 +2360,8 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
 
         EVP_PKEY_free(ckey);
         ckey = NULL;
+        EVP_PKEY_free(s->s3->tmp.pkey);
+        s->s3->tmp.pkey = NULL;
 
     } else
 #endif
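Review bot: The temporary key in `s->s3->tmp.pkey` is released only on the success path, right after `ckey` is freed, so an earlier failure in this branch that leaves through an error exit would presumably keep the server's ephemeral private key in memory until the connection state is torn down. The error exits of `tls_process_client_key_exchange` lie outside both hunks, so this needs confirming there; if they do not already do it, the same `EVP_PKEY_free(s->s3->tmp.pkey); s->s3->tmp.pkey = NULL;` belongs on that path too. The second hunk (at -2412) has the identical pattern and the same concern. A one-line comment such as `/* Temporary key is not needed after the key exchange; free it now to limit its lifetime in memory */` above the added lines would record why the free happens here rather than at teardown.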
@@ -2412,6 +2414,8 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
 
         EVP_PKEY_free(ckey);
         ckey = NULL;
+        EVP_PKEY_free(s->s3->tmp.pkey);
+        s->s3->tmp.pkey = NULL;
 
         return MSG_PROCESS_CONTINUE_PROCESSING;
     } else