From 881fbd1d803e7bd38cc5e48667e91e351a08ad94 Mon Sep 17 00:00:00 2001 From: Andrew Zaborowski Date: Thu, 21 Mar 2019 03:54:13 +0100 Subject: [PATCH] crypto: Memzero copies of secrets --- src/crypto.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/crypto.c b/src/crypto.c index bf9d896f..59ce6835 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -161,6 +161,7 @@ bool aes_unwrap(const uint8_t *kek, size_t kek_len, const uint8_t *in, size_t le } l_cipher_free(cipher); + explicit_bzero(&b[1], 8); /* Check IV */ if (b[0] != 0xa6a6a6a6a6a6a6a6) @@ -325,6 +326,7 @@ int crypto_psk_from_passphrase(const char *passphrase, if (out_psk) memcpy(out_psk, psk, sizeof(psk)); + explicit_bzero(psk, sizeof(psk)); return 0; }