Explicitly clear temporary stack buffers in tls_prf_sha1_md5()

The local buffers may contain information used to generate parts of the derived key, so clear these explicitly to minimize amount of unnecessary private key-related material in memory. Signed-off-by: Jouni Malinen <j@w1.fi>
author: Jouni Malinen <j@w1.fi> 2015-03-29 13:43:03 (GMT)
committer: Jouni Malinen <j@w1.fi> 2015-03-29 13:43:03 (GMT)
commit: 22ba05c09e001857853b3bd425061b120f32a738 (patch)
tree: e8ca9aa6475c6b7ce0519be16c815b858b8b2b2c /src/crypto
parent: 940a4dbf66ddef4aff3ca7f1c3177fd582f72d40 (diff)
download: hostap-22ba05c09e001857853b3bd425061b120f32a738.zip
hostap-22ba05c09e001857853b3bd425061b120f32a738.tar.gz
hostap-22ba05c09e001857853b3bd425061b120f32a738.tar.bz2
1 files changed, 5 insertions, 0 deletions
diff --git a/src/crypto/sha1-tlsprf.c b/src/crypto/sha1-tlsprf.c
index 0effd9b..f9bc0eb 100644
--- a/src/crypto/sha1-tlsprf.c
+++ b/src/crypto/sha1-tlsprf.c
@@ -95,5 +95,10 @@ int tls_prf_sha1_md5(const u8 *secret, size_t secret_len, const char *label,
 		SHA1_pos++;
 	}
 
+	os_memset(A_MD5, 0, MD5_MAC_LEN);
+	os_memset(P_MD5, 0, MD5_MAC_LEN);
+	os_memset(A_SHA1, 0, SHA1_MAC_LEN);
+	os_memset(P_SHA1, 0, SHA1_MAC_LEN);
+
 	return 0;
 }
author	Jouni Malinen <j@w1.fi>	2015-03-29 13:43:03 (GMT)
committer	Jouni Malinen <j@w1.fi>	2015-03-29 13:43:03 (GMT)
commit	22ba05c09e001857853b3bd425061b120f32a738 (patch)
tree	e8ca9aa6475c6b7ce0519be16c815b858b8b2b2c /src/crypto
parent	940a4dbf66ddef4aff3ca7f1c3177fd582f72d40 (diff)
download	hostap-22ba05c09e001857853b3bd425061b120f32a738.zip hostap-22ba05c09e001857853b3bd425061b120f32a738.tar.gz hostap-22ba05c09e001857853b3bd425061b120f32a738.tar.bz2