Update trace code.

[oweals/openssl.git] / ssl / s3_srvr.c

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 68234ecc18b8754062bb09a812c0f92a457856e0..90a67d11057455c5c43916b51ce14795a54bfb87 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2238,7 +2238,6 @@ int ssl3_get_client_key_exchange(SSL *s)
     BIGNUM *pub = NULL;
     DH *dh_srvr, *dh_clnt = NULL;
 #endif
-
 #ifndef OPENSSL_NO_EC
     EC_KEY *srvr_ecdh = NULL;
     EVP_PKEY *clnt_pub_pkey = NULL;
@@ -2676,7 +2675,7 @@ int ssl3_get_client_key_exchange(SSL *s)
         psk_len = s->psk_server_callback(s, tmp_id,
                                          psk_or_pre_ms,
                                          sizeof(psk_or_pre_ms));
-        OPENSSL_cleanse(tmp_id, PSK_MAX_IDENTITY_LEN + 1);
+        OPENSSL_cleanse(tmp_id, sizeof(tmp_id));
 
         if (psk_len > PSK_MAX_PSK_LEN) {
             SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
@@ -2826,6 +2825,7 @@ int ssl3_get_client_key_exchange(SSL *s)
                                                         s->
                                                         session->master_key,
                                                         premaster_secret, 32);
+        OPENSSL_cleanse(premaster_secret, sizeof(premaster_secret));
         if (s->session->master_key_length < 0) {
             al = SSL_AD_INTERNAL_ERROR;
             SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);