X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fed25519%2Fecdh.c;h=cfb2077b3f59a41e0ba421bf853814628bdc7838;hb=2f2bda4d1953617b945f1222e008cb53edee162a;hp=302fafd857905623826e0b92b7a96d9e4182c430;hpb=3a316823b971396a428f020f401b9fe41252d98d;p=tinc

diff --git a/src/ed25519/ecdh.c b/src/ed25519/ecdh.c
index 302fafd8..cfb2077b 100644
--- a/src/ed25519/ecdh.c
+++ b/src/ed25519/ecdh.c
@@ -18,6 +18,7 @@
 */
 
 #include "../system.h"
+#include "../random.h"
 
 #include "ed25519.h"
 
@@ -26,7 +27,6 @@ typedef struct ecdh_t {
 	uint8_t private[64];
 } ecdh_t;
 
-#include "../crypto.h"
 #include "../ecdh.h"
 #include "../xalloc.h"
 
@@ -36,16 +36,17 @@ ecdh_t *ecdh_generate_public(void *pubkey) {
 	uint8_t seed[32];
 	randomize(seed, sizeof(seed));
 	ed25519_create_keypair(pubkey, ecdh->private, seed);
+	memzero(seed, sizeof(seed));
 
 	return ecdh;
 }
 
 bool ecdh_compute_shared(ecdh_t *ecdh, const void *pubkey, void *shared) {
 	ed25519_key_exchange(shared, pubkey, ecdh->private);
-	free(ecdh);
+	ecdh_free(ecdh);
 	return true;
 }
 
 void ecdh_free(ecdh_t *ecdh) {
-	free(ecdh);
+	xzfree(ecdh, sizeof(ecdh_t));
 }