[openssl-commits] [openssl] master update
Paul I. Dale
pauli at openssl.org
Tue Sep 4 19:06:36 UTC 2018
The branch master has been updated
via 8f39d8af7de12d5ac8699e54cf2fd8ae2325bcf2 (commit)
from 17147181bd3f97c53592e2a5c9319b854b954039 (commit)
- Log -----------------------------------------------------------------
commit 8f39d8af7de12d5ac8699e54cf2fd8ae2325bcf2
Author: Shane Lontis <shane.lontis at oracle.com>
Date: Tue Sep 4 15:12:13 2018 +1000
key zeroization fix for a branch path of tls13_final_finish_mac
Reviewed-by: Paul Yang <yang.yang at baishancloud.com>
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7110)
-----------------------------------------------------------------------
Summary of changes:
ssl/tls13_enc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 22db2f8..f7ab0fa 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -271,6 +271,7 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, finsecret,
hashlen);
+ OPENSSL_cleanse(finsecret, sizeof(finsecret));
}
if (key == NULL
More information about the openssl-commits
mailing list