fips: Zeroize temporary values

The standard says "temporary value(s) generated during the integrity
test of the module's software […] shall be zeroised from the module upon
completion of the integrity test".

That includes the computed HMAC value, which is currently not zeroized
after the test. Add explicit calls to gnutls_memset() to fix that.

Signed-off-by: Clemens Lang <cllang@redhat.com>

diff --git a/lib/fips.c b/lib/fips.c
index e337221267276deabb866f3ff04226dc6936e6dd..fb08fa8a39dacbe01e5f6919e25c203ba65091a9 100644 (file)
--- a/lib/fips.c
+++ b/lib/fips.c
@@ -372,10 +372,12 @@ static int check_lib_hmac(struct hmac_entry *entry, const char *path)
        if (gnutls_memcmp(entry->hmac, hmac, HMAC_SIZE)) {
                _gnutls_debug_log("Calculated MAC for %s does not match\n",
                                  path);
+               gnutls_memset(hmac, 0, HMAC_SIZE);
                return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
        }
        _gnutls_debug_log("Successfully verified MAC for %s\n", path);
 
+       gnutls_memset(hmac, 0, HMAC_SIZE);
        return 0;
 }