From d61d3634267542a025c653c733f0621986d50da3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alexander=20F=C3=A6r=C3=B8y?=
Date: Sun, 22 Feb 2015 13:26:11 +0100
Subject: [PATCH] Zero out temporary secret key memory.
---
 c_src/enacl_nif.c | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)
diff --git a/c_src/enacl_nif.c b/c_src/enacl_nif.c
index 76f344e..6273eda 100644
--- a/c_src/enacl_nif.c
+++ b/c_src/enacl_nif.c
@@ -82,6 +82,7 @@ ERL_NIF_TERM enif_crypto_verify_32(ErlNifEnv *env, int argc, ERL_NIF_TERM const
 /* Curve 25519 */
 static
 ERL_NIF_TERM enif_crypto_curve25519_scalarmult(ErlNifEnv *env, int argc, ERL_NIF_TERM const argv[]) {
+ ERL_NIF_TERM result;
 ErlNifBinary secret, basepoint, output;
 uint8_t bp[crypto_scalarmult_curve25519_BYTES];
@@ -97,15 +98,24 @@ ERL_NIF_TERM enif_crypto_curve25519_scalarmult(ErlNifEnv *env, int argc, ERL_NIF
 /* Clear the high-bit. Better safe than sorry. */
 bp[31] &= 0x7f;
- if (!enif_alloc_binary(crypto_scalarmult_curve25519_BYTES, &output)) {
- return nacl_error_tuple(env, "alloc_failed");
- }
+ do
+ {
+ if (!enif_alloc_binary(crypto_scalarmult_curve25519_BYTES, &output)) {
+ result = nacl_error_tuple(env, "alloc_failed");
+ continue;
+ }
- if (crypto_scalarmult_curve25519(output.data, secret.data, bp) < 0) {
- return nacl_error_tuple(env, "scalarmult_curve25519_failed");
- }
+ if (crypto_scalarmult_curve25519(output.data, secret.data, bp) < 0) {
+ result = nacl_error_tuple(env, "scalarmult_curve25519_failed");
+ continue;
+ }
- return enif_make_binary(env, &output);
+ result = enif_make_binary(env, &output);
+ } while (0);
+
+ sodium_memzero(bp, crypto_scalarmult_curve25519_BYTES);
+
+ return result;
 }
 /* Public-key cryptography */
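Review bot: The `scalarmult_curve25519_failed` branch in the second hunk still leaves `output` allocated, because ownership only passes to the VM through `enif_make_binary` on the success path. The failure path should wipe and release it before `continue;`, with `sodium_memzero(output.data, output.size);` followed by `enif_release_binary(&output);`, since the buffer may hold a partially computed shared secret. Judging from the names and the `bp[31] &= 0x7f;` line, the buffer that is wiped, `bp`, looks like the masked stack copy of the basepoint rather than the secret scalar in `secret.data`. A comment above the `sodium_memzero` call, such as `/* bp is only a stack copy of the point; secret.data belongs to the VM and cannot be wiped here */`, would keep the commit title from overstating what is cleared. The lines between the two hunks (argument checks and the copy into `bp`) are not visible, so any early return after `bp` is filled would need the same wipe; as a style point, `break` or a `goto` cleanup label would read more conventionally than `continue` inside `do { } while (0)`.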