Make sure we also cleanse the finished key
authorMatt Caswell <matt@openssl.org>
Wed, 18 Jan 2017 11:52:50 +0000 (11:52 +0000)
committerMatt Caswell <matt@openssl.org>
Mon, 30 Jan 2017 10:18:21 +0000 (10:18 +0000)
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2259)

ssl/statem/extensions_clnt.c

index 04dbea1..eb8cfa3 100644 (file)
@@ -820,6 +820,7 @@ int tls_construct_ctos_psk(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
     ret = 1;
  err:
     OPENSSL_cleanse(binderkey, sizeof(binderkey));
+    OPENSSL_cleanse(finishedkey, sizeof(finishedkey));
     EVP_PKEY_free(mackey);
     EVP_MD_CTX_free(mctx);