Make sure we also cleanse the finished key

author Matt Caswell <matt@openssl.org>

Wed, 18 Jan 2017 11:52:50 +0000 (11:52 +0000)

committer Matt Caswell <matt@openssl.org>

Mon, 30 Jan 2017 10:18:21 +0000 (10:18 +0000)
author Matt Caswell <matt@openssl.org>
Wed, 18 Jan 2017 11:52:50 +0000 (11:52 +0000)
committer Matt Caswell <matt@openssl.org>
Mon, 30 Jan 2017 10:18:21 +0000 (10:18 +0000)
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c

index 04dbea11fd65589a8d501abb76bed67b08fa0479..eb8cfa3b3d715ba8e7455d0545d11d6d3bde2686 100644 (file)
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -820,6 +820,7 @@ int tls_construct_ctos_psk(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
      ret = 1;
   err:
      OPENSSL_cleanse(binderkey, sizeof(binderkey));
+    OPENSSL_cleanse(finishedkey, sizeof(finishedkey));
      EVP_PKEY_free(mackey);
      EVP_MD_CTX_free(mctx);
author	Matt Caswell <matt@openssl.org>
	Wed, 18 Jan 2017 11:52:50 +0000 (11:52 +0000)
committer	Matt Caswell <matt@openssl.org>
	Mon, 30 Jan 2017 10:18:21 +0000 (10:18 +0000)