More forceful clearing of stack memory with keys
gcc 8.3.0 was apparently clever enough to optimize away the previously used os_memset() to explicitly clear a stack buffer that contains keys when that clearing happened just before returning from the function. Since memset_s() is not exactly portable (or commonly available yet..), use a less robust mechanism that is still pretty likely to prevent current compilers from optimizing the explicit clearing of the memory away. Signed-off-by: Jouni Malinen <j@w1.fi>
parent
e1923f5b6a
commit
31bc66e4d1
25 changed files with 98 additions and 72 deletions
|
@ -334,7 +334,7 @@ static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
|
|||
os_memcpy(sm->xxkey, buf + PMK_LEN, PMK_LEN);
|
||||
sm->xxkey_len = PMK_LEN;
|
||||
}
|
||||
os_memset(buf, 0, sizeof(buf));
|
||||
forced_memzero(buf, sizeof(buf));
|
||||
if (sm->proto == WPA_PROTO_RSN &&
|
||||
wpa_key_mgmt_ft(sm->key_mgmt)) {
|
||||
struct rsn_pmksa_cache_entry *sa = NULL;
|
||||
|
@ -649,7 +649,7 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
|
|||
os_memcpy(buf, &ptk->tk[16], 8);
|
||||
os_memcpy(&ptk->tk[16], &ptk->tk[24], 8);
|
||||
os_memcpy(&ptk->tk[24], buf, 8);
|
||||
os_memset(buf, 0, sizeof(buf));
|
||||
forced_memzero(buf, sizeof(buf));
|
||||
}
|
||||
sm->tptk_set = 1;
|
||||
|
||||
|
@ -923,7 +923,7 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
|
|||
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
|
||||
"WPA: Failed to set GTK to the driver "
|
||||
"(Group only)");
|
||||
os_memset(gtk_buf, 0, sizeof(gtk_buf));
|
||||
forced_memzero(gtk_buf, sizeof(gtk_buf));
|
||||
return -1;
|
||||
}
|
||||
} else if (wpa_sm_set_key(sm, gd->alg, broadcast_ether_addr,
|
||||
|
@ -933,10 +933,10 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
|
|||
"WPA: Failed to set GTK to "
|
||||
"the driver (alg=%d keylen=%d keyidx=%d)",
|
||||
gd->alg, gd->gtk_len, gd->keyidx);
|
||||
os_memset(gtk_buf, 0, sizeof(gtk_buf));
|
||||
forced_memzero(gtk_buf, sizeof(gtk_buf));
|
||||
return -1;
|
||||
}
|
||||
os_memset(gtk_buf, 0, sizeof(gtk_buf));
|
||||
forced_memzero(gtk_buf, sizeof(gtk_buf));
|
||||
|
||||
if (wnm_sleep) {
|
||||
sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
|
||||
|
@ -1042,10 +1042,10 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
|
|||
wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
|
||||
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
|
||||
"RSN: Failed to install GTK");
|
||||
os_memset(&gd, 0, sizeof(gd));
|
||||
forced_memzero(&gd, sizeof(gd));
|
||||
return -1;
|
||||
}
|
||||
os_memset(&gd, 0, sizeof(gd));
|
||||
forced_memzero(&gd, sizeof(gd));
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
@ -1714,12 +1714,12 @@ static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm,
|
|||
os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len);
|
||||
os_memcpy(gd->gtk, key_data, key_data_len);
|
||||
if (rc4_skip(ek, 32, 256, gd->gtk, key_data_len)) {
|
||||
os_memset(ek, 0, sizeof(ek));
|
||||
forced_memzero(ek, sizeof(ek));
|
||||
wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
|
||||
"WPA: RC4 failed");
|
||||
return -1;
|
||||
}
|
||||
os_memset(ek, 0, sizeof(ek));
|
||||
forced_memzero(ek, sizeof(ek));
|
||||
#endif /* CONFIG_NO_RC4 */
|
||||
} else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
|
||||
if (maxkeylen % 8) {
|
||||
|
@ -1868,7 +1868,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
|
|||
if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
|
||||
wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
|
||||
goto failed;
|
||||
os_memset(&gd, 0, sizeof(gd));
|
||||
forced_memzero(&gd, sizeof(gd));
|
||||
|
||||
if (rekey) {
|
||||
wpa_msg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Group rekeying "
|
||||
|
@ -1887,7 +1887,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
|
|||
return;
|
||||
|
||||
failed:
|
||||
os_memset(&gd, 0, sizeof(gd));
|
||||
forced_memzero(&gd, sizeof(gd));
|
||||
wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
|
||||
}
|
||||
|
||||
|
@ -2001,12 +2001,12 @@ static int wpa_supplicant_decrypt_key_data(struct wpa_sm *sm,
|
|||
os_memcpy(ek, key->key_iv, 16);
|
||||
os_memcpy(ek + 16, sm->ptk.kek, sm->ptk.kek_len);
|
||||
if (rc4_skip(ek, 32, 256, key_data, *key_data_len)) {
|
||||
os_memset(ek, 0, sizeof(ek));
|
||||
forced_memzero(ek, sizeof(ek));
|
||||
wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
|
||||
"WPA: RC4 failed");
|
||||
return -1;
|
||||
}
|
||||
os_memset(ek, 0, sizeof(ek));
|
||||
forced_memzero(ek, sizeof(ek));
|
||||
#endif /* CONFIG_NO_RC4 */
|
||||
} else if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES ||
|
||||
ver == WPA_KEY_INFO_TYPE_AES_128_CMAC ||
|
||||
|
@ -3446,12 +3446,12 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
|
|||
wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
|
||||
gd.gtk, gd.gtk_len);
|
||||
if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
|
||||
os_memset(&gd, 0, sizeof(gd));
|
||||
forced_memzero(&gd, sizeof(gd));
|
||||
wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
|
||||
"WNM mode");
|
||||
return -1;
|
||||
}
|
||||
os_memset(&gd, 0, sizeof(gd));
|
||||
forced_memzero(&gd, sizeof(gd));
|
||||
#ifdef CONFIG_IEEE80211W
|
||||
} else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
|
||||
const struct wpa_igtk_kde *igtk;
|
||||
|
@ -3881,7 +3881,7 @@ int fils_process_auth(struct wpa_sm *sm, const u8 *bssid, const u8 *data,
|
|||
dh_ss ? wpabuf_head(dh_ss) : NULL,
|
||||
dh_ss ? wpabuf_len(dh_ss) : 0,
|
||||
sm->pmk, &sm->pmk_len);
|
||||
os_memset(rmsk, 0, sizeof(rmsk));
|
||||
forced_memzero(rmsk, sizeof(rmsk));
|
||||
|
||||
/* Don't use DHss in PTK derivation if PMKSA caching is not
|
||||
* used. */
|
||||
|
@ -3956,7 +3956,7 @@ int fils_process_auth(struct wpa_sm *sm, const u8 *bssid, const u8 *data,
|
|||
sm->fils_key_auth_ap,
|
||||
&sm->fils_key_auth_len);
|
||||
wpabuf_free(pub);
|
||||
os_memset(ick, 0, sizeof(ick));
|
||||
forced_memzero(ick, sizeof(ick));
|
||||
return res;
|
||||
fail:
|
||||
wpabuf_free(pub);
|
||||
|
@ -4480,9 +4480,11 @@ int fils_process_assoc_resp(struct wpa_sm *sm, const u8 *resp, size_t len)
|
|||
|
||||
wpa_printf(MSG_DEBUG, "FILS: Auth+Assoc completed successfully");
|
||||
sm->fils_completed = 1;
|
||||
forced_memzero(&gd, sizeof(gd));
|
||||
|
||||
return 0;
|
||||
fail:
|
||||
forced_memzero(&gd, sizeof(gd));
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
@ -4694,7 +4696,7 @@ int owe_process_assoc_resp(struct wpa_sm *sm, const u8 *bssid,
|
|||
else if (group == 21)
|
||||
res = hmac_sha512_kdf(prk, hash_len, NULL, (const u8 *) info,
|
||||
os_strlen(info), sm->pmk, hash_len);
|
||||
os_memset(prk, 0, SHA512_MAC_LEN);
|
||||
forced_memzero(prk, SHA512_MAC_LEN);
|
||||
if (res < 0) {
|
||||
sm->pmk_len = 0;
|
||||
return -1;
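Review bot: The `forced_memzero(&gd, sizeof(gd));` calls added in the fils_process_assoc_resp hunk sit only on the `return 0` path and under `fail:`, so any bare `return -1` earlier in the function would still leave gd uncleared on the stack. The function body starts outside the hunk, so whether such a return exists after gd has been filled cannot be confirmed from here; if one does, it should become `goto fail`. gd is presumably the same GTK data structure that the other hunks clear. I would add a comment above the label so the invariant survives later edits: `/* every exit after gd is filled must pass through here so the key copy is cleared */`.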
|
||||
|
|
|
@ -828,10 +828,10 @@ static int wpa_ft_process_igtk_subelem(struct wpa_sm *sm, const u8 *igtk_elem,
|
|||
igtk_elem + 2, 6, igtk, igtk_len) < 0) {
|
||||
wpa_printf(MSG_WARNING, "WPA: Failed to set IGTK to the "
|
||||
"driver.");
|
||||
os_memset(igtk, 0, sizeof(igtk));
|
||||
forced_memzero(igtk, sizeof(igtk));
|
||||
return -1;
|
||||
}
|
||||
os_memset(igtk, 0, sizeof(igtk));
|
||||
forced_memzero(igtk, sizeof(igtk));
|
||||
|
||||
return 0;
|
||||
}
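Review bot: `forced_memzero(igtk, sizeof(igtk));` is written out twice in wpa_ft_process_igtk_subelem, once before `return -1;` and once before `return 0;`, which makes it easy for a later early return to miss the clear. A single exit would keep one copy: set `ret = -1;` in the failure branch instead of returning, then finish with the one `forced_memzero(igtk, sizeof(igtk));` and `return ret;`, with `int ret = 0;` declared at the top of the function. The start of the function and of the `if` condition are outside the hunk, so any return between the point where igtk is filled and this block needs the same check.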
|
||||
|
|