crypto: Clear temporary stack buffers after use
This reduces possibility of exposure of private keys should something get access to stack memory. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
77a2c3941e
commit
51f3427019
4 changed files with 12 additions and 2 deletions
|
@ -30,6 +30,7 @@ int hmac_md5_vector(const u8 *key, size_t key_len, size_t num_elem,
|
|||
u8 tk[16];
|
||||
const u8 *_addr[6];
|
||||
size_t i, _len[6];
|
||||
int res;
|
||||
|
||||
if (num_elem > 5) {
|
||||
/*
|
||||
|
@ -85,7 +86,10 @@ int hmac_md5_vector(const u8 *key, size_t key_len, size_t num_elem,
|
|||
_len[0] = 64;
|
||||
_addr[1] = mac;
|
||||
_len[1] = MD5_MAC_LEN;
|
||||
return md5_vector(2, _addr, _len, mac);
|
||||
res = md5_vector(2, _addr, _len, mac);
|
||||
os_memset(k_pad, 0, sizeof(k_pad));
|
||||
os_memset(tk, 0, sizeof(tk));
|
||||
return res;
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -61,6 +61,7 @@ int sha1_prf(const u8 *key, size_t key_len, const char *label,
|
|||
}
|
||||
counter++;
|
||||
}
|
||||
os_memset(hash, 0, sizeof(hash));
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
|
@ -30,6 +30,7 @@ int hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem,
|
|||
unsigned char tk[20];
|
||||
const u8 *_addr[6];
|
||||
size_t _len[6], i;
|
||||
int ret;
|
||||
|
||||
if (num_elem > 5) {
|
||||
/*
|
||||
|
@ -84,7 +85,9 @@ int hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem,
|
|||
_len[0] = 64;
|
||||
_addr[1] = mac;
|
||||
_len[1] = SHA1_MAC_LEN;
|
||||
return sha1_vector(2, _addr, _len, mac);
|
||||
ret = sha1_vector(2, _addr, _len, mac);
|
||||
os_memset(k_pad, 0, sizeof(k_pad));
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -95,4 +95,6 @@ void sha256_prf_bits(const u8 *key, size_t key_len, const char *label,
|
|||
u8 mask = 0xff << (8 - buf_len_bits % 8);
|
||||
buf[pos - 1] &= mask;
|
||||
}
|
||||
|
||||
os_memset(hash, 0, sizeof(hash));
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue