wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 12:14:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

zero out psk keys asap, ssn4

Browse Source
This commit is contained in:
toddouska
2013-03-20 09:12:00 -07:00
parent 4f9e915bc1
commit 0f8111fc77
2 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/internal.c
View File

@@ -7157,6 +7157,8 @@ int SetCipherList(Suites* s, const char* list)
pms += 2; pms += 2;
XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz); XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4; ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4;
XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz);
ssl->arrays->psk_keySz = 0; /* No further need */
} }
break; break;
#endif /* NO_PSK */ #endif /* NO_PSK */
@@ -7313,6 +7315,9 @@ int SetCipherList(Suites* s, const char* list)
ret = tmpRet; /* save WANT_WRITE unless more serious */ ret = tmpRet; /* save WANT_WRITE unless more serious */
ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE; ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
} }
/* No further need for PMS */
XMEMSET(ssl->arrays->preMasterSecret, 0, ssl->arrays->preMasterSz);
ssl->arrays->preMasterSz = 0;
return ret; return ret;
} }
@@ -9513,6 +9518,9 @@ int SetCipherList(Suites* s, const char* list)
ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4; ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4;
ret = MakeMasterSecret(ssl); ret = MakeMasterSecret(ssl);
/* No further need for PSK */
XMEMSET(ssl->arrays->psk_key, 0, ssl->arrays->psk_keySz);
ssl->arrays->psk_keySz = 0;
} }
break; break;
#endif /* NO_PSK */ #endif /* NO_PSK */
@@ -9620,6 +9628,9 @@ int SetCipherList(Suites* s, const char* list)
} }
break; break;
} }
/* No further need for PMS */
XMEMSET(ssl->arrays->preMasterSecret, 0, ssl->arrays->preMasterSz);
ssl->arrays->preMasterSz = 0;
if (ret == 0) { if (ret == 0) {
ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE; ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;

3
src/tls.c
View File

@@ -123,6 +123,9 @@ static void p_hash(byte* result, word32 resLen, const byte* secret,
HmacFinal(&hmac, previous); HmacFinal(&hmac, previous);
} }
} }
XMEMSET(previous, 0, sizeof previous);
XMEMSET(current, 0, sizeof current);
XMEMSET(&hmac, 0, sizeof hmac);
} }