crypto: Clear temporary stack buffers after use

This reduces possibility of exposure of private keys should something
get access to stack memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2015-01-05 18:05:58 +02:00
parent 77a2c3941e
commit 51f3427019
4 changed files with 12 additions and 2 deletions

View file

@ -30,6 +30,7 @@ int hmac_md5_vector(const u8 *key, size_t key_len, size_t num_elem,
u8 tk[16];
const u8 *_addr[6];
size_t i, _len[6];
int res;
if (num_elem > 5) {
/*
@ -85,7 +86,10 @@ int hmac_md5_vector(const u8 *key, size_t key_len, size_t num_elem,
_len[0] = 64;
_addr[1] = mac;
_len[1] = MD5_MAC_LEN;
return md5_vector(2, _addr, _len, mac);
res = md5_vector(2, _addr, _len, mac);
os_memset(k_pad, 0, sizeof(k_pad));
os_memset(tk, 0, sizeof(tk));
return res;
}

View file

@ -61,6 +61,7 @@ int sha1_prf(const u8 *key, size_t key_len, const char *label,
}
counter++;
}
os_memset(hash, 0, sizeof(hash));
return 0;
}

View file

@ -30,6 +30,7 @@ int hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem,
unsigned char tk[20];
const u8 *_addr[6];
size_t _len[6], i;
int ret;
if (num_elem > 5) {
/*
@ -84,7 +85,9 @@ int hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem,
_len[0] = 64;
_addr[1] = mac;
_len[1] = SHA1_MAC_LEN;
return sha1_vector(2, _addr, _len, mac);
ret = sha1_vector(2, _addr, _len, mac);
os_memset(k_pad, 0, sizeof(k_pad));
return ret;
}

View file

@ -95,4 +95,6 @@ void sha256_prf_bits(const u8 *key, size_t key_len, const char *label,
u8 mask = 0xff << (8 - buf_len_bits % 8);
buf[pos - 1] &= mask;
}
os_memset(hash, 0, sizeof(hash));
}