The branch master has been updated via 8f39d8af7de12d5ac8699e54cf2fd8ae2325bcf2 (commit) from 17147181bd3f97c53592e2a5c9319b854b954039 (commit)
- Log ----------------------------------------------------------------- commit 8f39d8af7de12d5ac8699e54cf2fd8ae2325bcf2 Author: Shane Lontis <shane.lon...@oracle.com> Date: Tue Sep 4 15:12:13 2018 +1000 key zeroization fix for a branch path of tls13_final_finish_mac Reviewed-by: Paul Yang <yang.y...@baishancloud.com> Reviewed-by: Paul Dale <paul.d...@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7110) ----------------------------------------------------------------------- Summary of changes: ssl/tls13_enc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index 22db2f8..f7ab0fa 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -271,6 +271,7 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, finsecret, hashlen); + OPENSSL_cleanse(finsecret, sizeof(finsecret)); } if (key == NULL _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits