aboutsummaryrefslogtreecommitdiffstats
path: root/src/crypto
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2019-05-25 21:47:17 (GMT)
committerJouni Malinen <j@w1.fi>2019-05-26 13:11:56 (GMT)
commit31bc66e4d1934dfc663a31e0bb450b2885e6a453 (patch)
treee008bb3e051db26908d6cec5c01388e17cefe999 /src/crypto
parente1923f5b6a48d6bb453d716568339be797e3ae7f (diff)
downloadhostap-31bc66e4d1934dfc663a31e0bb450b2885e6a453.zip
hostap-31bc66e4d1934dfc663a31e0bb450b2885e6a453.tar.gz
hostap-31bc66e4d1934dfc663a31e0bb450b2885e6a453.tar.bz2
More forceful clearing of stack memory with keys
gcc 8.3.0 was apparently clever enough to optimize away the previously used os_memset() to explicitly clear a stack buffer that contains keys when that clearing happened just before returning from the function. Since memset_s() is not exactly portable (or commonly available yet..), use a less robust mechanism that is still pretty likely to prevent current compilers from optimizing the explicit clearing of the memory away. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/crypto')
-rw-r--r--src/crypto/sha1-internal.c4
-rw-r--r--src/crypto/sha1-prf.c2
-rw-r--r--src/crypto/sha1-tlsprf.c8
-rw-r--r--src/crypto/sha1-tprf.c2
-rw-r--r--src/crypto/sha1.c3
-rw-r--r--src/crypto/sha256-kdf.c6
-rw-r--r--src/crypto/sha256-prf.c2
-rw-r--r--src/crypto/sha384-kdf.c6
-rw-r--r--src/crypto/sha384-prf.c2
-rw-r--r--src/crypto/sha512-kdf.c6
-rw-r--r--src/crypto/sha512-prf.c2
-rw-r--r--src/crypto/tls_openssl.c2
-rw-r--r--src/crypto/tls_wolfssl.c2
13 files changed, 24 insertions, 23 deletions
diff --git a/src/crypto/sha1-internal.c b/src/crypto/sha1-internal.c
index a491707..ffa04df 100644
--- a/src/crypto/sha1-internal.c
+++ b/src/crypto/sha1-internal.c
@@ -224,7 +224,7 @@ void SHA1Transform(u32 state[5], const unsigned char buffer[64])
/* Wipe variables */
a = b = c = d = e = 0;
#ifdef SHA1HANDSOFF
- os_memset(block, 0, 64);
+ forced_memzero(block, 64);
#endif
}
@@ -300,7 +300,7 @@ void SHA1Final(unsigned char digest[20], SHA1_CTX* context)
os_memset(context->buffer, 0, 64);
os_memset(context->state, 0, 20);
os_memset(context->count, 0, 8);
- os_memset(finalcount, 0, 8);
+ forced_memzero(finalcount, sizeof(finalcount));
}
/* ===== end - public domain SHA1 implementation ===== */
diff --git a/src/crypto/sha1-prf.c b/src/crypto/sha1-prf.c
index 4b2d137..1385149 100644
--- a/src/crypto/sha1-prf.c
+++ b/src/crypto/sha1-prf.c
@@ -61,7 +61,7 @@ int sha1_prf(const u8 *key, size_t key_len, const char *label,
}
counter++;
}
- os_memset(hash, 0, sizeof(hash));
+ forced_memzero(hash, sizeof(hash));
return 0;
}
diff --git a/src/crypto/sha1-tlsprf.c b/src/crypto/sha1-tlsprf.c
index a11649a..5e8d159 100644
--- a/src/crypto/sha1-tlsprf.c
+++ b/src/crypto/sha1-tlsprf.c
@@ -92,10 +92,10 @@ int tls_prf_sha1_md5(const u8 *secret, size_t secret_len, const char *label,
SHA1_pos++;
}
- os_memset(A_MD5, 0, MD5_MAC_LEN);
- os_memset(P_MD5, 0, MD5_MAC_LEN);
- os_memset(A_SHA1, 0, SHA1_MAC_LEN);
- os_memset(P_SHA1, 0, SHA1_MAC_LEN);
+ forced_memzero(A_MD5, MD5_MAC_LEN);
+ forced_memzero(P_MD5, MD5_MAC_LEN);
+ forced_memzero(A_SHA1, SHA1_MAC_LEN);
+ forced_memzero(P_SHA1, SHA1_MAC_LEN);
return 0;
}
diff --git a/src/crypto/sha1-tprf.c b/src/crypto/sha1-tprf.c
index 562510f..c3acf19 100644
--- a/src/crypto/sha1-tprf.c
+++ b/src/crypto/sha1-tprf.c
@@ -66,7 +66,7 @@ int sha1_t_prf(const u8 *key, size_t key_len, const char *label,
len[0] = SHA1_MAC_LEN;
}
- os_memset(hash, 0, SHA1_MAC_LEN);
+ forced_memzero(hash, SHA1_MAC_LEN);
return 0;
}
diff --git a/src/crypto/sha1.c b/src/crypto/sha1.c
index 8fce139..76d7a68 100644
--- a/src/crypto/sha1.c
+++ b/src/crypto/sha1.c
@@ -86,7 +86,8 @@ int hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem,
_addr[1] = mac;
_len[1] = SHA1_MAC_LEN;
ret = sha1_vector(2, _addr, _len, mac);
- os_memset(k_pad, 0, sizeof(k_pad));
+ forced_memzero(k_pad, sizeof(k_pad));
+ forced_memzero(tk, sizeof(tk));
return ret;
}
diff --git a/src/crypto/sha256-kdf.c b/src/crypto/sha256-kdf.c
index af7d954..5a6b744 100644
--- a/src/crypto/sha256-kdf.c
+++ b/src/crypto/sha256-kdf.c
@@ -69,7 +69,7 @@ int hmac_sha256_kdf(const u8 *secret, size_t secret_len,
if (iter == 255) {
os_memset(out, 0, outlen);
- os_memset(T, 0, SHA256_MAC_LEN);
+ forced_memzero(T, SHA256_MAC_LEN);
return -1;
}
iter++;
@@ -77,11 +77,11 @@ int hmac_sha256_kdf(const u8 *secret, size_t secret_len,
if (hmac_sha256_vector(secret, secret_len, 4, addr, len, T) < 0)
{
os_memset(out, 0, outlen);
- os_memset(T, 0, SHA256_MAC_LEN);
+ forced_memzero(T, SHA256_MAC_LEN);
return -1;
}
}
- os_memset(T, 0, SHA256_MAC_LEN);
+ forced_memzero(T, SHA256_MAC_LEN);
return 0;
}
diff --git a/src/crypto/sha256-prf.c b/src/crypto/sha256-prf.c
index 722cad6..d665a99 100644
--- a/src/crypto/sha256-prf.c
+++ b/src/crypto/sha256-prf.c
@@ -102,7 +102,7 @@ int sha256_prf_bits(const u8 *key, size_t key_len, const char *label,
buf[pos - 1] &= mask;
}
- os_memset(hash, 0, sizeof(hash));
+ forced_memzero(hash, sizeof(hash));
return 0;
}
diff --git a/src/crypto/sha384-kdf.c b/src/crypto/sha384-kdf.c
index 1d19627..babcb9e 100644
--- a/src/crypto/sha384-kdf.c
+++ b/src/crypto/sha384-kdf.c
@@ -69,7 +69,7 @@ int hmac_sha384_kdf(const u8 *secret, size_t secret_len,
if (iter == 255) {
os_memset(out, 0, outlen);
- os_memset(T, 0, SHA384_MAC_LEN);
+ forced_memzero(T, SHA384_MAC_LEN);
return -1;
}
iter++;
@@ -77,11 +77,11 @@ int hmac_sha384_kdf(const u8 *secret, size_t secret_len,
if (hmac_sha384_vector(secret, secret_len, 4, addr, len, T) < 0)
{
os_memset(out, 0, outlen);
- os_memset(T, 0, SHA384_MAC_LEN);
+ forced_memzero(T, SHA384_MAC_LEN);
return -1;
}
}
- os_memset(T, 0, SHA384_MAC_LEN);
+ forced_memzero(T, SHA384_MAC_LEN);
return 0;
}
diff --git a/src/crypto/sha384-prf.c b/src/crypto/sha384-prf.c
index 03e3cb3..420e78c 100644
--- a/src/crypto/sha384-prf.c
+++ b/src/crypto/sha384-prf.c
@@ -102,7 +102,7 @@ int sha384_prf_bits(const u8 *key, size_t key_len, const char *label,
buf[pos - 1] &= mask;
}
- os_memset(hash, 0, sizeof(hash));
+ forced_memzero(hash, sizeof(hash));
return 0;
}
diff --git a/src/crypto/sha512-kdf.c b/src/crypto/sha512-kdf.c
index 8b71f9b..5bde664 100644
--- a/src/crypto/sha512-kdf.c
+++ b/src/crypto/sha512-kdf.c
@@ -69,7 +69,7 @@ int hmac_sha512_kdf(const u8 *secret, size_t secret_len,
if (iter == 255) {
os_memset(out, 0, outlen);
- os_memset(T, 0, SHA512_MAC_LEN);
+ forced_memzero(T, SHA512_MAC_LEN);
return -1;
}
iter++;
@@ -77,11 +77,11 @@ int hmac_sha512_kdf(const u8 *secret, size_t secret_len,
if (hmac_sha512_vector(secret, secret_len, 4, addr, len, T) < 0)
{
os_memset(out, 0, outlen);
- os_memset(T, 0, SHA512_MAC_LEN);
+ forced_memzero(T, SHA512_MAC_LEN);
return -1;
}
}
- os_memset(T, 0, SHA512_MAC_LEN);
+ forced_memzero(T, SHA512_MAC_LEN);
return 0;
}
diff --git a/src/crypto/sha512-prf.c b/src/crypto/sha512-prf.c
index 3b2ad88..e48cf5f 100644
--- a/src/crypto/sha512-prf.c
+++ b/src/crypto/sha512-prf.c
@@ -102,7 +102,7 @@ int sha512_prf_bits(const u8 *key, size_t key_len, const char *label,
buf[pos - 1] &= mask;
}
- os_memset(hash, 0, sizeof(hash));
+ forced_memzero(hash, sizeof(hash));
return 0;
}
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index bf24074..c71979f 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -3999,7 +3999,7 @@ int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn,
_out, skip + out_len) == 0) {
ret = 0;
}
- os_memset(master_key, 0, sizeof(master_key));
+ forced_memzero(master_key, sizeof(master_key));
os_free(rnd);
if (ret == 0)
os_memcpy(out, _out + skip, out_len);
diff --git a/src/crypto/tls_wolfssl.c b/src/crypto/tls_wolfssl.c
index e9cb425..83704ff 100644
--- a/src/crypto/tls_wolfssl.c
+++ b/src/crypto/tls_wolfssl.c
@@ -2044,7 +2044,7 @@ int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn,
_out, skip + out_len);
}
- os_memset(master_key, 0, master_key_len);
+ forced_memzero(master_key, master_key_len);
if (ret == 0)
os_memcpy(out, _out + skip, out_len);
bin_clear_free(tmp_out, skip + out_len);