key zeroization fix for a branch path of tls13_final_finish_mac

Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7110)
2018-09-04 15:12:13 +10:00 · 2018-09-04 15:12:13 +10:00 · 8f39d8af7d
commit 8f39d8af7d
parent 17147181bd
1 changed files with 1 additions and 0 deletions
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@ -271,6 +271,7 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,

        key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, finsecret,
                                           hashlen);
+        OPENSSL_cleanse(finsecret, sizeof(finsecret));
    }

    if (key == NULL