diff --git a/library/dhm.c b/library/dhm.c
index 0a4f82028..6109e0a7a 100644
--- a/library/dhm.c
+++ b/library/dhm.c
@@ -532,7 +532,10 @@ static int load_file( const char *path, unsigned char **buf, size_t *n )
     if( fread( *buf, 1, *n, f ) != *n )
     {
         fclose( f );
+
+        polarssl_zeroize( *buf, *n + 1 );
         polarssl_free( *buf );
+
         return( POLARSSL_ERR_DHM_FILE_IO_ERROR );
     }