Free and zero DH/ECDH temporary key after use.

PR#4303

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 4d40d0f9f39f071782df3e42d5ad00ba26d6718c..e4c018a9db1f8d2a5caa4e44733c1a3e8487a603 100644 (file)
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2360,6 +2360,8 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
 
         EVP_PKEY_free(ckey);
         ckey = NULL;
+        EVP_PKEY_free(s->s3->tmp.pkey);
+        s->s3->tmp.pkey = NULL;
 
     } else
 #endif
@@ -2412,6 +2414,8 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
 
         EVP_PKEY_free(ckey);
         ckey = NULL;
+        EVP_PKEY_free(s->s3->tmp.pkey);
+        s->s3->tmp.pkey = NULL;
 
         return MSG_PROCESS_CONTINUE_PROCESSING;
     } else