From 56e688823345bbcfef220b13eb418854f8798b16 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Mon, 5 Jan 2015 15:03:12 +0100
Subject: gpg: Clear a possible rest of the KDF secret buffer.

* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Fix order of args.
--

That bug has been here since the beginning.  The entire function needs
a review or be be moved to Libgcrypt.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 g10/ecdh.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/g10/ecdh.c b/g10/ecdh.c
index 0b062394c..07f398312 100644
--- a/g10/ecdh.c
+++ b/g10/ecdh.c
@@ -250,7 +250,7 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi,
     assert( secret_x_size <= gcry_md_get_algo_dlen (kdf_hash_algo) );
 
     /* We could have allocated more, so clean the tail before returning.  */
-    memset( secret_x+secret_x_size, old_size-secret_x_size, 0 );
+    memset (secret_x+secret_x_size, 0, old_size - secret_x_size);
     if (DBG_CIPHER)
       log_printhex ("ecdh KEK is:", secret_x, secret_x_size );
   }
-- 
cgit v1.2.3