From: Jouni Malinen <j@w1.fi>
Date: Sun, 29 Mar 2015 13:40:55 +0000 (+0300)
Subject: Explicitly clear temporary stack buffer in sha1_t_prf()
X-Git-Tag: hostap_2_5~896
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=940a4dbf66ddef4aff3ca7f1c3177fd582f72d40;p=thirdparty%2Fhostap.git

Explicitly clear temporary stack buffer in sha1_t_prf()

The local hash[] buffer may contain parts of the derived key, so clear
it explicitly to minimize number of unnecessary copies of key material
in memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/src/crypto/sha1-tprf.c b/src/crypto/sha1-tprf.c
index a52949462..562510f89 100644
--- a/src/crypto/sha1-tprf.c
+++ b/src/crypto/sha1-tprf.c
@@ -66,5 +66,7 @@ int sha1_t_prf(const u8 *key, size_t key_len, const char *label,
 		len[0] = SHA1_MAC_LEN;
 	}
 
+	os_memset(hash, 0, SHA1_MAC_LEN);
+
 	return 0;
 }