From e34b1bb692b0e74b2b72218705509b1c7ece2a12 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Wed, 7 Dec 2016 13:17:33 +0000
Subject: Ensure that we zero memory used to hold the ASN.1 encoded session,
 since this contains the session master key.

ok deraadt@ doug@
---
 src/lib/libssl/ssl_asn1.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'src/lib')

diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
index 1b93886868..a27858c955 100644
--- a/src/lib/libssl/ssl_asn1.c
+++ b/src/lib/libssl/ssl_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_asn1.c,v 1.44 2016/12/03 12:34:35 jsing Exp $ */
+/* $OpenBSD: ssl_asn1.c,v 1.45 2016/12/07 13:17:33 jsing Exp $ */
 
 /*
  * Copyright (c) 2016 Joel Sing <jsing@openbsd.org>
@@ -206,6 +206,9 @@ i2d_SSL_SESSION(SSL_SESSION *s, unsigned char **pp)
 	rv = (int)data_len;
 
  err:
+	if (data != NULL)
+		explicit_bzero(data, data_len);
+
 	CBB_cleanup(&session);
 	free(peer_cert_bytes);
 	free(data);
-- 
cgit v1.2.3-55-g6feb