From 9d370c48b6908388346b870e427e247b40800840 Mon Sep 17 00:00:00 2001
From: Andrey Semashev <andrey.semashev@gmail.com>
Date: Wed, 27 Jul 2022 00:12:15 +0300
Subject: [PATCH] tls: Securely clear memory from private key material.

This ensures that sensitive data is not left on the stack.
---
 src/tls/openssl/tls.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/tls/openssl/tls.c b/src/tls/openssl/tls.c
index ee79653d7..f6f0eba40 100644
--- a/src/tls/openssl/tls.c
+++ b/src/tls/openssl/tls.c
@@ -1195,6 +1195,8 @@ int tls_srtp_keyinfo(const struct tls_conn *tc, enum srtp_suite *suite,
 	memcpy(cli_key + key_size, p, salt_size); p += salt_size;
 	memcpy(srv_key + key_size, p, salt_size);
 
+	mem_secclean(keymat, sizeof(keymat));
+
 	return 0;
 #else
 	(void)tc;