From: Jouni Malinen <j@w1.fi>
Date: Sun, 29 Mar 2015 13:43:03 +0000 (+0300)
Subject: Explicitly clear temporary stack buffers in tls_prf_sha1_md5()
X-Git-Tag: hostap_2_5~895
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=22ba05c09e001857853b3bd425061b120f32a738;p=thirdparty%2Fhostap.git

Explicitly clear temporary stack buffers in tls_prf_sha1_md5()

The local buffers may contain information used to generate parts of the
derived key, so clear these explicitly to minimize amount of unnecessary
private key-related material in memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/src/crypto/sha1-tlsprf.c b/src/crypto/sha1-tlsprf.c
index 0effd9b76..f9bc0ebf6 100644
--- a/src/crypto/sha1-tlsprf.c
+++ b/src/crypto/sha1-tlsprf.c
@@ -95,5 +95,10 @@ int tls_prf_sha1_md5(const u8 *secret, size_t secret_len, const char *label,
 		SHA1_pos++;
 	}
 
+	os_memset(A_MD5, 0, MD5_MAC_LEN);
+	os_memset(P_MD5, 0, MD5_MAC_LEN);
+	os_memset(A_SHA1, 0, SHA1_MAC_LEN);
+	os_memset(P_SHA1, 0, SHA1_MAC_LEN);
+
 	return 0;
 }