aboutsummaryrefslogtreecommitdiffstats
path: root/src/crypto/sha256-prf.c
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2019-05-25 21:47:17 (GMT)
committerJouni Malinen <j@w1.fi>2019-05-26 13:11:56 (GMT)
commit31bc66e4d1934dfc663a31e0bb450b2885e6a453 (patch)
treee008bb3e051db26908d6cec5c01388e17cefe999 /src/crypto/sha256-prf.c
parente1923f5b6a48d6bb453d716568339be797e3ae7f (diff)
downloadhostap-31bc66e4d1934dfc663a31e0bb450b2885e6a453.zip
hostap-31bc66e4d1934dfc663a31e0bb450b2885e6a453.tar.gz
hostap-31bc66e4d1934dfc663a31e0bb450b2885e6a453.tar.bz2
More forceful clearing of stack memory with keys
gcc 8.3.0 was apparently clever enough to optimize away the previously used os_memset() to explicitly clear a stack buffer that contains keys when that clearing happened just before returning from the function. Since memset_s() is not exactly portable (or commonly available yet..), use a less robust mechanism that is still pretty likely to prevent current compilers from optimizing the explicit clearing of the memory away. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/crypto/sha256-prf.c')
-rw-r--r--src/crypto/sha256-prf.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/crypto/sha256-prf.c b/src/crypto/sha256-prf.c
index 722cad6..d665a99 100644
--- a/src/crypto/sha256-prf.c
+++ b/src/crypto/sha256-prf.c
@@ -102,7 +102,7 @@ int sha256_prf_bits(const u8 *key, size_t key_len, const char *label,
buf[pos - 1] &= mask;
}
- os_memset(hash, 0, sizeof(hash));
+ forced_memzero(hash, sizeof(hash));
return 0;
}