diff options
| author | Theo Buehler <tb@cvs.openbsd.org> | 2023-07-02 11:29:37 +0000 |
|---|---|---|
| committer | Theo Buehler <tb@cvs.openbsd.org> | 2023-07-02 11:29:37 +0000 |
| commit | 03216f8d4a542fe394cb609b2e6993d0a9c643cc (patch) | |
| tree | 315d35c6eb37ae4921dfde295fb73d23e59040f0 /lib/libcrypto/ecdh | |
| parent | e92b63e235b2cf147f297acd4d587254feb41109 (diff) | |
Unconditionally zero the ECDH key
While memset() is quite expensive, we can afford zeroing a few extra bytes
to make this code more readable.
ok beck jsing
Diffstat (limited to 'lib/libcrypto/ecdh')
| -rw-r--r-- | lib/libcrypto/ecdh/ech_key.c | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/lib/libcrypto/ecdh/ech_key.c b/lib/libcrypto/ecdh/ech_key.c index d93e95b2394..bac5b6e28da 100644 --- a/lib/libcrypto/ecdh/ech_key.c +++ b/lib/libcrypto/ecdh/ech_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ech_key.c,v 1.31 2023/07/02 03:11:51 tb Exp $ */ +/* $OpenBSD: ech_key.c,v 1.32 2023/07/02 11:29:36 tb Exp $ */ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * @@ -68,7 +68,6 @@ */ #include <limits.h> -#include <stdint.h> #include <stdlib.h> #include <string.h> @@ -163,11 +162,9 @@ ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, goto err; } } else { - /* No KDF, just copy out the key and zero the rest. */ - if (outlen > buflen) { - memset((void *)((uintptr_t)out + buflen), 0, outlen - buflen); + memset(out, 0, outlen); + if (outlen > buflen) outlen = buflen; - } memcpy(out, buf, outlen); } |