From 940a4dbf66ddef4aff3ca7f1c3177fd582f72d40 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sun, 29 Mar 2015 16:40:55 +0300 Subject: [PATCH] Explicitly clear temporary stack buffer in sha1_t_prf() The local hash[] buffer may contain parts of the derived key, so clear it explicitly to minimize number of unnecessary copies of key material in memory. Signed-off-by: Jouni Malinen --- src/crypto/sha1-tprf.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/crypto/sha1-tprf.c b/src/crypto/sha1-tprf.c index a52949462..562510f89 100644 --- a/src/crypto/sha1-tprf.c +++ b/src/crypto/sha1-tprf.c @@ -66,5 +66,7 @@ int sha1_t_prf(const u8 *key, size_t key_len, const char *label, len[0] = SHA1_MAC_LEN; } + os_memset(hash, 0, SHA1_MAC_LEN); + return 0; }