diff options
author | Shane Lontis <shane.lontis@oracle.com> | 2018-09-04 08:12:13 +0300 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2018-09-04 22:06:00 +0300 |
commit | 8f39d8af7de12d5ac8699e54cf2fd8ae2325bcf2 (patch) | |
tree | 3622c1d3df837837ae4a31e91b44e9481de29c2f /ssl | |
parent | 17147181bd3f97c53592e2a5c9319b854b954039 (diff) |
key zeroization fix for a branch path of tls13_final_finish_mac
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7110)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/tls13_enc.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index 22db2f8237..f7ab0fa470 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -271,6 +271,7 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, finsecret, hashlen); + OPENSSL_cleanse(finsecret, sizeof(finsecret)); } if (key == NULL |