From: Jouni Malinen <quic_jouni@quicinc.com>
Date: Sat, 26 Feb 2022 08:58:15 +0000 (+0200)
Subject: Clear temporary results from stack in PBKDF2-SHA1
X-Git-Tag: hostap_2_11~2207
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=007fd6111ddc659461e2df55fa65d0f3351807f3;p=thirdparty%2Fhostap.git

Clear temporary results from stack in PBKDF2-SHA1

Force stack memory to be cleared of temporary values that might contain
keying material.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
---

diff --git a/src/crypto/sha1-pbkdf2.c b/src/crypto/sha1-pbkdf2.c
index 8effe2fe0..d2bdc95e5 100644
--- a/src/crypto/sha1-pbkdf2.c
+++ b/src/crypto/sha1-pbkdf2.c
@@ -50,6 +50,8 @@ static int pbkdf2_sha1_f(const char *passphrase, const u8 *ssid,
 		for (j = 0; j < SHA1_MAC_LEN; j++)
 			digest[j] ^= tmp2[j];
 	}
+	forced_memzero(tmp, SHA1_MAC_LEN);
+	forced_memzero(tmp2, SHA1_MAC_LEN);
 
 	return 0;
 }
@@ -87,6 +89,7 @@ int pbkdf2_sha1(const char *passphrase, const u8 *ssid, size_t ssid_len,
 		pos += plen;
 		left -= plen;
 	}
+	forced_memzero(digest, SHA1_MAC_LEN);
 
 	return 0;
 }