More forceful clearing of stack memory with keys
gcc 8.3.0 was apparently clever enough to optimize away the previously used os_memset() to explicitly clear a stack buffer that contains keys when that clearing happened just before returning from the function. Since memset_s() is not exactly portable (or commonly available yet..), use a less robust mechanism that is still pretty likely to prevent current compilers from optimizing the explicit clearing of the memory away. Signed-off-by: Jouni Malinen <j@w1.fi>
parent
e1923f5b6a
commit
31bc66e4d1
25 changed files with 98 additions and 72 deletions
|
@ -414,7 +414,7 @@ static struct wpabuf * eap_eke_process_commit(struct eap_sm *sm,
|
|||
*/
|
||||
if (eap_eke_dh_init(data->sess.dhgroup, data->dh_priv, pub) < 0) {
|
||||
wpa_printf(MSG_INFO, "EAP-EKE: Failed to initialize DH");
|
||||
os_memset(key, 0, sizeof(key));
|
||||
forced_memzero(key, sizeof(key));
|
||||
return eap_eke_build_fail(data, ret, id,
|
||||
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
|
||||
}
|
||||
|
@ -422,7 +422,7 @@ static struct wpabuf * eap_eke_process_commit(struct eap_sm *sm,
|
|||
if (eap_eke_shared_secret(&data->sess, key, data->dh_priv, dhcomp) < 0)
|
||||
{
|
||||
wpa_printf(MSG_INFO, "EAP-EKE: Failed to derive shared secret");
|
||||
os_memset(key, 0, sizeof(key));
|
||||
forced_memzero(key, sizeof(key));
|
||||
return eap_eke_build_fail(data, ret, id,
|
||||
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
|
||||
}
|
||||
|
@ -431,7 +431,7 @@ static struct wpabuf * eap_eke_process_commit(struct eap_sm *sm,
|
|||
data->serverid, data->serverid_len,
|
||||
data->peerid, data->peerid_len) < 0) {
|
||||
wpa_printf(MSG_INFO, "EAP-EKE: Failed to derive Ke/Ki");
|
||||
os_memset(key, 0, sizeof(key));
|
||||
forced_memzero(key, sizeof(key));
|
||||
return eap_eke_build_fail(data, ret, id,
|
||||
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
|
||||
}
|
||||
|
@ -442,7 +442,7 @@ static struct wpabuf * eap_eke_process_commit(struct eap_sm *sm,
|
|||
data->sess.dhcomp_len + data->sess.pnonce_len,
|
||||
EAP_EKE_COMMIT);
|
||||
if (resp == NULL) {
|
||||
os_memset(key, 0, sizeof(key));
|
||||
forced_memzero(key, sizeof(key));
|
||||
return eap_eke_build_fail(data, ret, id,
|
||||
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
|
||||
}
|
||||
|
@ -452,11 +452,11 @@ static struct wpabuf * eap_eke_process_commit(struct eap_sm *sm,
|
|||
if (eap_eke_dhcomp(&data->sess, key, pub, rpos) < 0) {
|
||||
wpabuf_free(resp);
|
||||
wpa_printf(MSG_INFO, "EAP-EKE: Failed to build DHComponent_P");
|
||||
os_memset(key, 0, sizeof(key));
|
||||
forced_memzero(key, sizeof(key));
|
||||
return eap_eke_build_fail(data, ret, id,
|
||||
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
|
||||
}
|
||||
os_memset(key, 0, sizeof(key));
|
||||
forced_memzero(key, sizeof(key));
|
||||
|
||||
wpa_hexdump(MSG_DEBUG, "EAP-EKE: DHComponent_P",
|
||||
rpos, data->sess.dhcomp_len);
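Review bot: The wipe of `key` in eap_eke_process_commit is repeated by hand on each of the five failure returns shown in these hunks and once more on the success path, so a failure return added later can leave the key on the stack regardless of what the compiler does. A single exit path that runs `forced_memzero(key, sizeof(key));` once, with the failure branches jumping to it, would make the clearing structural rather than a convention. The function starts and ends outside the hunks, so any returns not shown here should be checked for the same call.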
|
||||
|
|
|
@ -390,8 +390,8 @@ static u8 * eap_leap_getKey(struct eap_sm *sm, void *priv, size_t *len)
|
|||
wpa_hexdump_key(MSG_DEBUG, "EAP-LEAP: master key", key, LEAP_KEY_LEN);
|
||||
*len = LEAP_KEY_LEN;
|
||||
|
||||
os_memset(pw_hash, 0, sizeof(pw_hash));
|
||||
os_memset(pw_hash_hash, 0, sizeof(pw_hash_hash));
|
||||
forced_memzero(pw_hash, sizeof(pw_hash));
|
||||
forced_memzero(pw_hash_hash, sizeof(pw_hash_hash));
|
||||
|
||||
return key;
|
||||
}
|
||||
|
|
|
@ -295,7 +295,7 @@ static int eap_peap_derive_cmk(struct eap_sm *sm, struct eap_peap_data *data)
|
|||
res = peap_prfplus(data->peap_version, tk, 40,
|
||||
"Inner Methods Compound Keys",
|
||||
isk, sizeof(isk), imck, sizeof(imck));
|
||||
os_memset(isk, 0, sizeof(isk));
|
||||
forced_memzero(isk, sizeof(isk));
|
||||
if (res < 0)
|
||||
return -1;
|
||||
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: IMCK (IPMKj)",
|
||||
|
@ -305,7 +305,7 @@ static int eap_peap_derive_cmk(struct eap_sm *sm, struct eap_peap_data *data)
|
|||
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: IPMK (S-IPMKj)", data->ipmk, 40);
|
||||
os_memcpy(data->cmk, imck + 40, 20);
|
||||
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: CMK (CMKj)", data->cmk, 20);
|
||||
os_memset(imck, 0, sizeof(imck));
|
||||
forced_memzero(imck, sizeof(imck));
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
@ -1267,7 +1267,7 @@ static u8 * eap_peap_getKey(struct eap_sm *sm, void *priv, size_t *len)
|
|||
os_memcpy(key, csk, EAP_TLS_KEY_LEN);
|
||||
wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Derived key",
|
||||
key, EAP_TLS_KEY_LEN);
|
||||
os_memset(csk, 0, sizeof(csk));
|
||||
forced_memzero(csk, sizeof(csk));
|
||||
} else
|
||||
os_memcpy(key, data->key_data, EAP_TLS_KEY_LEN);
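Review bot: In eap_peap_getKey the derived key is logged with `wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Derived key", key, EAP_TLS_KEY_LEN);` just before `csk` is wiped, so the bytes the wipe protects still reach the debug output. The other key dumps on this page use `wpa_hexdump_key`, and this call should use it too. Separately, in eap_peap_derive_cmk the `if (res < 0) return -1;` after peap_prfplus() returns without clearing `imck`. Whether `imck` holds partial output at that point depends on peap_prfplus(), which is not shown, but a `forced_memzero(imck, sizeof(imck));` before that return would close the gap. Both functions extend beyond the hunks.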
|
||||
|
||||
|
|
|
@ -362,7 +362,7 @@ eap_pwd_perform_commit_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
|
|||
data->password_len, pwhash);
|
||||
if (res == 0)
|
||||
res = hash_nt_password_hash(pwhash, pwhashhash);
|
||||
os_memset(pwhash, 0, sizeof(pwhash));
|
||||
forced_memzero(pwhash, sizeof(pwhash));
|
||||
}
|
||||
|
||||
if (res) {
|
||||
|
@ -514,8 +514,8 @@ eap_pwd_perform_commit_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
|
|||
data->id_server, data->id_server_len,
|
||||
data->id_peer, data->id_peer_len,
|
||||
data->token);
|
||||
os_memset(pwhashhash, 0, sizeof(pwhashhash));
|
||||
os_memset(salthashpwd, 0, sizeof(salthashpwd));
|
||||
forced_memzero(pwhashhash, sizeof(pwhashhash));
|
||||
forced_memzero(salthashpwd, sizeof(salthashpwd));
|
||||
if (res) {
|
||||
wpa_printf(MSG_INFO, "EAP-PWD (peer): unable to compute PWE");
|
||||
eap_pwd_state(data, FAILURE);
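Review bot: `pwhashhash` is filled in the first hunk of eap_pwd_perform_commit_exchange (around line 362) but only wiped about 150 lines later in the second hunk, and the body of the `if (res) {` failure branch right after the first hunk is not shown. Any return in the lines between the two hunks would leave the password-derived hash on the stack. It is worth confirming that each such exit calls `forced_memzero(pwhashhash, sizeof(pwhashhash));` or routes through a common exit that does. The same check applies to eap_leap_getKey, where only the success path with the two clears is visible.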
|
||||
|
|