Make sure we also cleanse the finished key Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)

commit: 71c94d3c6115ab853bbdc2e0e1e26da2c8aba76a [log] [tgz]
author: Matt Caswell <matt@openssl.org> Wed Jan 18 11:52:50 2017 +0000
committer: Matt Caswell <matt@openssl.org> Mon Jan 30 10:18:21 2017 +0000
tree: 8087e91a5c81ddcd386128682ab7039637e12bd7
parent: f4bbb37c4c95ea8cdb4b3470098a1b5d7d1977ed [diff]
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 04dbea1..eb8cfa3 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c

@@ -820,6 +820,7 @@
     ret = 1;
  err:
     OPENSSL_cleanse(binderkey, sizeof(binderkey));
+    OPENSSL_cleanse(finishedkey, sizeof(finishedkey));
     EVP_PKEY_free(mackey);
     EVP_MD_CTX_free(mctx);
commit	71c94d3c6115ab853bbdc2e0e1e26da2c8aba76a	[log] [tgz]
author	Matt Caswell <matt@openssl.org>	Wed Jan 18 11:52:50 2017 +0000
committer	Matt Caswell <matt@openssl.org>	Mon Jan 30 10:18:21 2017 +0000
tree	8087e91a5c81ddcd386128682ab7039637e12bd7
parent	f4bbb37c4c95ea8cdb4b3470098a1b5d7d1977ed [diff]