Wipe (some) secrets from memory after use
[tinc] / src / ed25519 / ecdh.c
index 469f502e18c1a4938d9c74dba2f096a1f5f9890b..cfb2077b3f59a41e0ba421bf853814628bdc7838 100644 (file)
@@ -36,16 +36,17 @@ ecdh_t *ecdh_generate_public(void *pubkey) {
        uint8_t seed[32];
        randomize(seed, sizeof(seed));
        ed25519_create_keypair(pubkey, ecdh->private, seed);
+       memzero(seed, sizeof(seed));
 
        return ecdh;
 }
 
 bool ecdh_compute_shared(ecdh_t *ecdh, const void *pubkey, void *shared) {
        ed25519_key_exchange(shared, pubkey, ecdh->private);
-       free(ecdh);
+       ecdh_free(ecdh);
        return true;
 }
 
 void ecdh_free(ecdh_t *ecdh) {
-       free(ecdh);
+       xzfree(ecdh, sizeof(ecdh_t));
 }
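Review bot: `ecdh_free()` used to be safe on a NULL pointer because `free(NULL)` is a no-op, but it now hands the pointer to `xzfree()` with a non-zero length, so it stays safe only if `xzfree()` checks for NULL before wiping; that helper is not visible in this hunk, so either confirm it or add `if(!ecdh) return;` ahead of the call. I would also write the size as `xzfree(ecdh, sizeof(*ecdh));` so the wiped length always follows the pointer's type. Separately, `seed` in `ecdh_generate_public()` is never read after `memzero(seed, sizeof(seed));`, so the wipe is effective only if `memzero` is implemented in a way the compiler cannot discard as a dead store (its definition is not shown here). `ecdh_generate_public()` begins outside the hunk.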