projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
key zeroization fix for a branch path of tls13_final_finish_mac
[openssl.git] / ssl / tls13_enc.c
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 22db2f8237333292bc2a8644690679f53fbd8f4e..f7ab0fa4704003dbf111e41667b6695875b9405d 100644 (file)
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -271,6 +271,7 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
 
         key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, finsecret,
                                            hashlen);
+        OPENSSL_cleanse(finsecret, sizeof(finsecret));
     }
 
     if (key == NULL
Unnamed repository; edit this file 'description' to name the repository.