From ab0c921abc95eecbe93ec6d3ae73409cbecb4f0d Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sun, 2 Jul 2023 11:29:36 +0000
Subject: Unconditionally zero the ECDH key

While memset() is quite expensive, we can afford zeroing a few extra bytes
to make this code more readable.

ok beck jsing
---
 src/lib/libcrypto/ecdh/ech_key.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/src/lib/libcrypto/ecdh/ech_key.c b/src/lib/libcrypto/ecdh/ech_key.c
index d93e95b239..bac5b6e28d 100644
--- a/src/lib/libcrypto/ecdh/ech_key.c
+++ b/src/lib/libcrypto/ecdh/ech_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ech_key.c,v 1.31 2023/07/02 03:11:51 tb Exp $ */
+/* $OpenBSD: ech_key.c,v 1.32 2023/07/02 11:29:36 tb Exp $ */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  *
@@ -68,7 +68,6 @@
  */
 
 #include <limits.h>
-#include <stdint.h>
 #include <stdlib.h>
 #include <string.h>
 
@@ -163,11 +162,9 @@ ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
 			goto err;
 		}
 	} else {
-		/* No KDF, just copy out the key and zero the rest. */
-		if (outlen > buflen) {
-			memset((void *)((uintptr_t)out + buflen), 0, outlen - buflen);
+		memset(out, 0, outlen);
+		if (outlen > buflen)
 			outlen = buflen;
-		}
 		memcpy(out, buf, outlen);
 	}
 
-- 
cgit v1.2.3-55-g6feb