Explicitly clear temporary stack buffer in sha1_t_prf()

The local hash[] buffer may contain parts of the derived key, so clear
it explicitly to minimize number of unnecessary copies of key material
in memory.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/crypto/sha1-tprf.c b/src/crypto/sha1-tprf.c
index a52949462f77b9746a3d459cb8a6c4cc624d9d0d..562510f8937d07b316eed5f78b15cc10542e5b5f 100644 (file)
--- a/src/crypto/sha1-tprf.c
+++ b/src/crypto/sha1-tprf.c
@@ -66,5 +66,7 @@ int sha1_t_prf(const u8 *key, size_t key_len, const char *label,
                len[0] = SHA1_MAC_LEN;
        }
 
+       os_memset(hash, 0, SHA1_MAC_LEN);
+
        return 0;
 }