DH: Clear memory explicitly on private key deinit
authorJouni Malinen <j@w1.fi>
Mon, 5 Jan 2015 16:03:40 +0000 (18:03 +0200)
committerJouni Malinen <j@w1.fi>
Mon, 5 Jan 2015 16:03:40 +0000 (18:03 +0200)
Remove any DH private key from heap memory after use.

Signed-off-by: Jouni Malinen <j@w1.fi>
src/crypto/dh_groups.c

index 58e94c393c6ddeeb389c1c1a755f2e0aabb495a2..d3b263196e2d1cfcc38c4c4a1636f6f380318fd7 100644 (file)
@@ -1198,14 +1198,14 @@ struct wpabuf * dh_init(const struct dh_group *dh, struct wpabuf **priv)
        if (dh == NULL)
                return NULL;
 
-       wpabuf_free(*priv);
+       wpabuf_clear_free(*priv);
        *priv = wpabuf_alloc(dh->prime_len);
        if (*priv == NULL)
                return NULL;
 
        if (random_get_bytes(wpabuf_put(*priv, dh->prime_len), dh->prime_len))
        {
-               wpabuf_free(*priv);
+               wpabuf_clear_free(*priv);
                *priv = NULL;
                return NULL;
        }
@@ -1224,7 +1224,7 @@ struct wpabuf * dh_init(const struct dh_group *dh, struct wpabuf **priv)
                           wpabuf_head(*priv), wpabuf_len(*priv),
                           dh->prime, dh->prime_len, wpabuf_mhead(pv),
                           &pv_len) < 0) {
-               wpabuf_free(pv);
+               wpabuf_clear_free(pv);
                wpa_printf(MSG_INFO, "DH: crypto_mod_exp failed");
                return NULL;
        }
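Review bot: On this crypto_mod_exp failure path the private key generated earlier in dh_init stays allocated in `*priv`; only `pv`, the buffer for the public value, is cleared before `return NULL`. The random_get_bytes failure path in the first hunk clears and NULLs `*priv`, so the two error exits now treat the key differently. Unless every caller is known to clear `*priv` when dh_init returns NULL (not visible here), add `wpabuf_clear_free(*priv);` and `*priv = NULL;` before the `return NULL;`. The allocation of `pv` lies between the hunks, so its failure exit may need the same treatment.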
@@ -1260,7 +1260,7 @@ struct wpabuf * dh_derive_shared(const struct wpabuf *peer_public,
                           wpabuf_head(own_private), wpabuf_len(own_private),
                           dh->prime, dh->prime_len,
                           wpabuf_mhead(shared), &shared_len) < 0) {
-               wpabuf_free(shared);
+               wpabuf_clear_free(shared);
                wpa_printf(MSG_INFO, "DH: crypto_mod_exp failed");
                return NULL;
        }
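Review bot: Clearing `shared` here covers only the failure exit; on success the same buffer, holding the derived secret, is handed to the caller, and nothing in this hunk tells the caller that it must be wiped on release. A line in the function's header comment, for example `Returns: shared secret; free with wpabuf_clear_free()`, would make that ownership rule explicit. The header comment and the success path of dh_derive_shared are outside the hunk, so this may already be stated there.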