Explicitly clear temporary stack buffer in hmac_sha256_kdf()

author Jouni Malinen <j@w1.fi>

Sun, 29 Mar 2015 13:38:37 +0000 (16:38 +0300)

committer Jouni Malinen <j@w1.fi>

Sun, 29 Mar 2015 13:38:37 +0000 (16:38 +0300)
author Jouni Malinen <j@w1.fi>
Sun, 29 Mar 2015 13:38:37 +0000 (16:38 +0300)
committer Jouni Malinen <j@w1.fi>
Sun, 29 Mar 2015 13:38:37 +0000 (16:38 +0300)
diff --git a/src/crypto/sha256-kdf.c b/src/crypto/sha256-kdf.c

index d8a1beb32e9080728865c32ddedd93f6c3dc72c8..e7509ce41aba4dd13601b42fc6a62936281a0bfc 100644 (file)
--- a/src/crypto/sha256-kdf.c
+++ b/src/crypto/sha256-kdf.c
@@ -61,6 +61,7 @@ int hmac_sha256_kdf(const u8 *secret, size_t secret_len,
  
                 if (iter == 255) {
                         os_memset(out, 0, outlen);
+                       os_memset(T, 0, SHA256_MAC_LEN);
                         return -1;
                 }
                 iter++;
@@ -68,9 +69,11 @@ int hmac_sha256_kdf(const u8 *secret, size_t secret_len,
                 if (hmac_sha256_vector(secret, secret_len, 4, addr, len, T) < 0)
                 {
                         os_memset(out, 0, outlen);
+                       os_memset(T, 0, SHA256_MAC_LEN);
                         return -1;
                 }
         }
  
+       os_memset(T, 0, SHA256_MAC_LEN);
         return 0;
  }
author	Jouni Malinen <j@w1.fi>
	Sun, 29 Mar 2015 13:38:37 +0000 (16:38 +0300)
committer	Jouni Malinen <j@w1.fi>
	Sun, 29 Mar 2015 13:38:37 +0000 (16:38 +0300)