mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

zero out psk keys asap, ssn4

Browse Source
This commit is contained in:
toddouska 2013-03-20 09:12:00 -07:00
parent 4f9e915bc1
commit 0f8111fc77
2 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/internal.c
View File

@ -7157,6 +7157,8 @@ int SetCipherList(Suites* s, const char* list)
pms += 2;
XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4;
XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz);
ssl->arrays->psk_keySz = 0; /* No further need */
}
break;
#endif /* NO_PSK */
@ -7313,6 +7315,9 @@ int SetCipherList(Suites* s, const char* list)
ret = tmpRet; /* save WANT_WRITE unless more serious */
ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
}
/* No further need for PMS */
XMEMSET(ssl->arrays->preMasterSecret, 0, ssl->arrays->preMasterSz);
ssl->arrays->preMasterSz = 0;
return ret;
}
@ -9513,6 +9518,9 @@ int SetCipherList(Suites* s, const char* list)
ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4;
ret = MakeMasterSecret(ssl);
/* No further need for PSK */
XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz);
ssl->arrays->psk_keySz = 0;
}
break;
#endif /* NO_PSK */
@ -9620,6 +9628,9 @@ int SetCipherList(Suites* s, const char* list)
}
break;
}
/* No further need for PMS */
XMEMSET(ssl->arrays->preMasterSecret, 0, ssl->arrays->preMasterSz);
ssl->arrays->preMasterSz = 0;
if (ret == 0) {
ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;

3
src/tls.c
View File

@ -123,6 +123,9 @@ static void p_hash(byte* result, word32 resLen, const byte* secret,
HmacFinal(&hmac, previous);
}
}
XMEMSET(previous, 0, sizeof previous);
XMEMSET(current, 0, sizeof current);
XMEMSET(&hmac, 0, sizeof hmac);
}