SAE: Explicitly clear SAE(k)

The code never cleared SAE(k) and the data could remain on the stack for
a longer period of time. This caused a test failure when running with
ASAN enabled.

Explicitly clear the variable to ensure no data is leaked.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>

diff --git a/src/common/sae.c b/src/common/sae.c
index 801f36301d8fd37be5117fa5c70333bcdcf72078..8005095fc620d3293cabc6db924dd25b05eae291 100644 (file)
--- a/src/common/sae.c
+++ b/src/common/sae.c
@@ -1670,12 +1670,17 @@ fail:
 int sae_process_commit(struct sae_data *sae)
 {
        u8 k[SAE_MAX_PRIME_LEN];
+       int ret = 0;
+
        if (sae->tmp == NULL ||
            (sae->tmp->ec && sae_derive_k_ecc(sae, k) < 0) ||
            (sae->tmp->dh && sae_derive_k_ffc(sae, k) < 0) ||
            sae_derive_keys(sae, k) < 0)
-               return -1;
-       return 0;
+               ret = -1;
+
+       forced_memzero(k, SAE_MAX_PRIME_LEN);
+
+       return ret;
 }