From 78a6b7d2d1ccb971be3827e4ef26b3e7a4de8172 Mon Sep 17 00:00:00 2001
From: Yann Ylavic <ylavic@apache.org>
Date: Fri, 24 Apr 2020 21:29:42 +0000
Subject: [PATCH] mod_ssl: follow up to r1876934: use OPENSSL_cleanse().

memset() might be optimized away by the compiler since buf[] (on the stack)
is not used anymore.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1876950 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/ssl/ssl_engine_init.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 5fc25881c4b..ff9f1ad21a2 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -1626,7 +1626,7 @@ static apr_status_t ssl_init_ticket_key(server_rec *s,
     res = SSL_CTX_set_tlsext_ticket_key_evp_cb(mctx->ssl_ctx,
                                                ssl_callback_SessionTicket);
 #endif
-    memset(buf, 0, sizeof(buf));
+    OPENSSL_cleanse(buf, sizeof(buf));
     if (!res) {
         ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01913)
                      "Unable to initialize TLS session ticket key callback "
-- 
2.47.3