More forceful clearing of stack memory with keys

gcc 8.3.0 was apparently clever enough to optimize away the previously used os_memset() to explicitly clear a stack buffer that contains keys when that clearing happened just before returning from the function. Since memset_s() is not exactly portable (or commonly available yet..), use a less robust mechanism that is still pretty likely to prevent current compilers from optimizing the explicit clearing of the memory away. Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-26 00:47:17 +03:00 · 2019-05-26 00:47:17 +03:00 · 31bc66e4d1
commit 31bc66e4d1
parent e1923f5b6a
25 changed files with 98 additions and 72 deletions
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@ -3999,7 +3999,7 @@ int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn,
 				    _out, skip + out_len) == 0) {
 		ret = 0;
 	}
-	os_memset(master_key, 0, sizeof(master_key));
+	forced_memzero(master_key, sizeof(master_key));
 	os_free(rnd);
 	if (ret == 0)
 		os_memcpy(out, _out + skip, out_len);