From 0f8111fc77dc81dac41e16727766e6712bd9e707 Mon Sep 17 00:00:00 2001 From: toddouska Date: Wed, 20 Mar 2013 09:12:00 -0700 Subject: [PATCH] zero out psk keys asap, ssn4 --- src/internal.c | 11 +++++++++++ src/tls.c | 3 +++ 2 files changed, 14 insertions(+) diff --git a/src/internal.c b/src/internal.c index 8e245b4f4..e98856313 100644 --- a/src/internal.c +++ b/src/internal.c @@ -7157,6 +7157,8 @@ int SetCipherList(Suites* s, const char* list) pms += 2; XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz); ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4; + XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz); + ssl->arrays->psk_keySz = 0; /* No further need */ } break; #endif /* NO_PSK */ @@ -7313,6 +7315,9 @@ int SetCipherList(Suites* s, const char* list) ret = tmpRet; /* save WANT_WRITE unless more serious */ ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE; } + /* No further need for PMS */ + XMEMSET(ssl->arrays->preMasterSecret, 0, ssl->arrays->preMasterSz); + ssl->arrays->preMasterSz = 0; return ret; } @@ -9513,6 +9518,9 @@ int SetCipherList(Suites* s, const char* list) ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4; ret = MakeMasterSecret(ssl); + /* No further need for PSK */ + XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz); + ssl->arrays->psk_keySz = 0; } break; #endif /* NO_PSK */ @@ -9620,6 +9628,9 @@ int SetCipherList(Suites* s, const char* list) } break; } + /* No further need for PMS */ + XMEMSET(ssl->arrays->preMasterSecret, 0, ssl->arrays->preMasterSz); + ssl->arrays->preMasterSz = 0; if (ret == 0) { ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE; diff --git a/src/tls.c b/src/tls.c index 67433da0e..4a89be320 100644 --- a/src/tls.c +++ b/src/tls.c @@ -123,6 +123,9 @@ static void p_hash(byte* result, word32 resLen, const byte* secret, HmacFinal(&hmac, previous); } } + XMEMSET(previous, 0, sizeof previous); + XMEMSET(current, 0, sizeof current); + XMEMSET(&hmac, 0, sizeof hmac); }