Make sure we also cleanse the finished key Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2259)
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 04dbea1..eb8cfa3 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c
@@ -820,6 +820,7 @@ ret = 1; err: OPENSSL_cleanse(binderkey, sizeof(binderkey)); + OPENSSL_cleanse(finishedkey, sizeof(finishedkey)); EVP_PKEY_free(mackey); EVP_MD_CTX_free(mctx);