authorJouni Malinen <j@w1.fi>2014-06-29 18:16:30 (GMT)
committerJouni Malinen <j@w1.fi>2014-07-02 09:38:48 (GMT)
commitf534ee0804dc8d77434d2b534a118e86bd597694 (patch)
treeca115c0a59a991135bb28c4772d8b6e18746d6ad /src/eap_peer/eap_sim.c
parent19c48da06b6980915e97a84ea8387a9db858c662 (diff)
EAP peer: Clear keying material on deinit
Reduce the amount of time keying material (MSK, EMSK, temporary private data) remains in memory in EAP methods. This provides additional protection should there be any issues that could expose process memory to external observers. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/eap_peer/eap_sim.c')
-rw-r--r--src/eap_peer/eap_sim.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/src/eap_peer/eap_sim.c b/src/eap_peer/eap_sim.c
index 9e0c08f..bd06df7 100644
--- a/src/eap_peer/eap_sim.c
+++ b/src/eap_peer/eap_sim.c
@@ -130,6 +130,20 @@ static void * eap_sim_init(struct eap_sm *sm)
}
+static void eap_sim_clear_keys(struct eap_sim_data *data, int reauth)
+{
+ if (!reauth) {
+ os_memset(data->mk, 0, EAP_SIM_MK_LEN);
+ os_memset(data->k_aut, 0, EAP_SIM_K_AUT_LEN);
+ os_memset(data->k_encr, 0, EAP_SIM_K_ENCR_LEN);
+ }
+ os_memset(data->kc, 0, 3 * EAP_SIM_KC_LEN);
+ os_memset(data->sres, 0, 3 * EAP_SIM_SRES_LEN);
+ os_memset(data->msk, 0, EAP_SIM_KEYING_DATA_LEN);
+ os_memset(data->emsk, 0, EAP_EMSK_LEN);
+}
+
+
static void eap_sim_deinit(struct eap_sm *sm, void *priv)
{
struct eap_sim_data *data = priv;
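Review bot: The os_memset() calls in eap_sim_clear_keys zero fields of a struct that eap_sim_deinit releases immediately afterwards (second hunk: `eap_sim_clear_keys(data, 0);` directly before `os_free(data);`), so they are dead stores from the optimizer's point of view and can be elided whenever os_memset is inlined or visible under LTO, at which point the protection this commit adds silently disappears. A zeroing primitive the compiler cannot drop (explicit_bzero where available, or a call through a volatile function pointer to memset) would make the intent hold regardless of build flags; the same consideration applies to the `eap_sim_clear_keys(data, 1);` call in the third hunk, although that one is not followed by a free. The `reauth` parameter is also undocumented; a header comment such as `/* Zero keying material; when reauth is set, mk/k_aut/k_encr are kept because fast re-authentication still needs them */` would record why the two paths differ. eap_sim_deinit begins at the end of this hunk and its body continues outside it.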
@@ -138,6 +152,7 @@ static void eap_sim_deinit(struct eap_sm *sm, void *priv)
os_free(data->pseudonym);
os_free(data->reauth_id);
os_free(data->last_eap_identity);
+ eap_sim_clear_keys(data, 0);
os_free(data);
}
}
@@ -1110,6 +1125,7 @@ static void eap_sim_deinit_for_reauth(struct eap_sm *sm, void *priv)
struct eap_sim_data *data = priv;
eap_sim_clear_identities(sm, data, CLEAR_EAP_ID);
data->use_result_ind = 0;
+ eap_sim_clear_keys(data, 1);
}