From 007fd6111ddc659461e2df55fa65d0f3351807f3 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sat, 26 Feb 2022 10:58:15 +0200
Subject: [PATCH] Clear temporary results from stack in PBKDF2-SHA1

Force stack memory to be cleared of temporary values that might contain keying material.

Signed-off-by: Jouni Malinen
---
 src/crypto/sha1-pbkdf2.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/crypto/sha1-pbkdf2.c b/src/crypto/sha1-pbkdf2.c
index 8effe2fe0..d2bdc95e5 100644
--- a/src/crypto/sha1-pbkdf2.c
+++ b/src/crypto/sha1-pbkdf2.c
@@ -50,6 +50,8 @@ static int pbkdf2_sha1_f(const char *passphrase, const u8 *ssid,
 for (j = 0; j < SHA1_MAC_LEN; j++)
 digest[j] ^= tmp2[j];
 }
+ forced_memzero(tmp, SHA1_MAC_LEN);
+ forced_memzero(tmp2, SHA1_MAC_LEN);

 return 0;
 }
@@ -87,6 +89,7 @@ int pbkdf2_sha1(const char *passphrase, const u8 *ssid, size_t ssid_len,
 pos += plen;
 left -= plen;
 }
+ forced_memzero(digest, SHA1_MAC_LEN);

 return 0;
 }
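Review bot: The new `forced_memzero()` calls sit only on the success path, directly before `return 0;` in `pbkdf2_sha1_f()`, so any earlier failure return in that function would still leave `tmp` and `tmp2` on the stack uncleared; the same applies to `digest` in the second hunk, in `pbkdf2_sha1()`. Both function bodies start outside the hunks, so whether such early returns exist has to be checked against the full file; if they do, routing them through a single exit label that wipes the buffers and then returns the status would cover every path. Writing the length as `sizeof(tmp)` instead of `SHA1_MAC_LEN`, e.g. `forced_memzero(tmp, sizeof(tmp));`, would keep the wipe size tied to the buffer declaration, assuming these are local arrays as the commit message suggests.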