jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

crypto: Clear temporary heap allocations before freeing

Browse source 
This reduces the time private keys may remain in heap memory after use.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2015-01-05 18:05:09 +02:00
parent a15a7fcf69
commit 77a2c3941e
4 changed files with 11 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
hostapd/Makefile
View file

@ -962,6 +962,7 @@ hostapd_cli: $(OBJS_c)
@$(E) " LD " $@ @$(E) " LD " $@
NOBJS = nt_password_hash.o ../src/crypto/ms_funcs.o $(SHA1OBJS) ../src/crypto/md5.o NOBJS = nt_password_hash.o ../src/crypto/ms_funcs.o $(SHA1OBJS) ../src/crypto/md5.o
NOBJS += ../src/utils/common.o
ifdef NEED_RC4 ifdef NEED_RC4
ifdef CONFIG_INTERNAL_RC4 ifdef CONFIG_INTERNAL_RC4
NOBJS += ../src/crypto/rc4.o NOBJS += ../src/crypto/rc4.o

2
src/crypto/aes-eax.c
View file

@ -71,7 +71,7 @@ int aes_128_eax_encrypt(const u8 *key, const u8 *nonce, size_t nonce_len,
ret = 0; ret = 0;
fail: fail:
os_free(buf); bin_clear_free(buf, buf_len);
return ret; return ret;
} }

2
src/crypto/aes-siv.c
View file

@ -95,7 +95,7 @@ static int aes_s2v(const u8 *key, size_t num_elem, const u8 *addr[],
os_memcpy(buf, addr[i], len[i]); os_memcpy(buf, addr[i], len[i]);
xorend(buf, len[i], tmp, AES_BLOCK_SIZE); xorend(buf, len[i], tmp, AES_BLOCK_SIZE);
ret = omac1_aes_128(key, buf, len[i], mac); ret = omac1_aes_128(key, buf, len[i], mac);
os_free(buf); bin_clear_free(buf, len[i]);
return ret; return ret;
} }

16
src/crypto/crypto_openssl.c
View file

@ -258,7 +258,7 @@ void aes_encrypt_deinit(void *ctx)
"in AES encrypt", len); "in AES encrypt", len);
} }
EVP_CIPHER_CTX_cleanup(c); EVP_CIPHER_CTX_cleanup(c);
os_free(c); bin_clear_free(c, sizeof(*c));
} }
@ -309,7 +309,7 @@ void aes_decrypt_deinit(void *ctx)
"in AES decrypt", len); "in AES decrypt", len);
} }
EVP_CIPHER_CTX_cleanup(c); EVP_CIPHER_CTX_cleanup(c);
os_free(ctx); bin_clear_free(c, sizeof(*c));
} }
@ -507,8 +507,8 @@ void * dh5_init(struct wpabuf **priv, struct wpabuf **publ)
return dh; return dh;
err: err:
wpabuf_free(pubkey); wpabuf_clear_free(pubkey);
wpabuf_free(privkey); wpabuf_clear_free(privkey);
DH_free(dh); DH_free(dh);
return NULL; return NULL;
} }
@ -581,7 +581,7 @@ struct wpabuf * dh5_derive_shared(void *ctx, const struct wpabuf *peer_public,
err: err:
BN_clear_free(pub_key); BN_clear_free(pub_key);
wpabuf_free(res); wpabuf_clear_free(res);
return NULL; return NULL;
} }
@ -638,7 +638,7 @@ struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key,
HMAC_Init_ex(&ctx->ctx, key, key_len, md, NULL); HMAC_Init_ex(&ctx->ctx, key, key_len, md, NULL);
#else /* openssl < 0.9.9 */ #else /* openssl < 0.9.9 */
if (HMAC_Init_ex(&ctx->ctx, key, key_len, md, NULL) != 1) { if (HMAC_Init_ex(&ctx->ctx, key, key_len, md, NULL) != 1) {
os_free(ctx); bin_clear_free(ctx, sizeof(*ctx));
return NULL; return NULL;
} }
#endif /* openssl < 0.9.9 */ #endif /* openssl < 0.9.9 */
@ -664,7 +664,7 @@ int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
return -2; return -2;
if (mac == NULL || len == NULL) { if (mac == NULL || len == NULL) {
os_free(ctx); bin_clear_free(ctx, sizeof(*ctx));
return 0; return 0;
} }
@ -676,7 +676,7 @@ int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
res = HMAC_Final(&ctx->ctx, mac, &mdlen); res = HMAC_Final(&ctx->ctx, mac, &mdlen);
#endif /* openssl < 0.9.9 */ #endif /* openssl < 0.9.9 */
HMAC_CTX_cleanup(&ctx->ctx); HMAC_CTX_cleanup(&ctx->ctx);
os_free(ctx); bin_clear_free(ctx, sizeof(*ctx));
if (res == 1) { if (res == 1) {
*len = mdlen; *len = mdlen;