From: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Date: Mon, 5 Dec 2022 13:36:08 +0000 (+0200)
Subject: crypto: Clear secrets from stack in hmac_sha256_vector()
X-Git-Tag: hostap_2_11~1386
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=998aeca3c83bbc57524375a7a45a4455c7a915e9;p=thirdparty%2Fhostap.git

crypto: Clear secrets from stack in hmac_sha256_vector()

k_pad and tk were not cleared in internal HMAC-SHA256 implementation.
Clear them to avoid leaving secret material in temporary stack
variables.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
---

diff --git a/src/crypto/sha256.c b/src/crypto/sha256.c
index 17af964ad..1ad106864 100644
--- a/src/crypto/sha256.c
+++ b/src/crypto/sha256.c
@@ -30,6 +30,7 @@ int hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
 	unsigned char tk[32];
 	const u8 *_addr[11];
 	size_t _len[11], i;
+	int ret;
 
 	if (num_elem > 10) {
 		/*
@@ -70,8 +71,9 @@ int hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
 		_addr[i + 1] = addr[i];
 		_len[i + 1] = len[i];
 	}
-	if (sha256_vector(1 + num_elem, _addr, _len, mac) < 0)
-		return -1;
+	ret = sha256_vector(1 + num_elem, _addr, _len, mac);
+	if (ret < 0)
+		goto fail;
 
 	os_memset(k_pad, 0, sizeof(k_pad));
 	os_memcpy(k_pad, key, key_len);
@@ -84,7 +86,14 @@ int hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem,
 	_len[0] = 64;
 	_addr[1] = mac;
 	_len[1] = SHA256_MAC_LEN;
-	return sha256_vector(2, _addr, _len, mac);
+
+	ret = sha256_vector(2, _addr, _len, mac);
+
+fail:
+	forced_memzero(k_pad, sizeof(k_pad));
+	forced_memzero(tk, sizeof(tk));
+
+	return ret;
 }