eap,eapol,crypto: Replace uses of memset with explicit_bzero

Replace existing uses of memset to clear secrets with explicit_bzero to make sure it doesn't get optimized away. This has some side effects as documented in gcc docs but is still recommended. In eap_secret_info_free make sure we clear both strings in the case of EAP_SECRET_REMOTE_USER_PASSWORD secrets.
2019-03-22 00:56:53 +01:00 · 2019-03-22 00:56:53 +01:00 · fa7db4be4d
parent acbba6028b
commit fa7db4be4d
5 changed files with 22 additions and 15 deletions
--- a/src/crypto.c
+++ b/src/crypto.c
@ -635,8 +635,8 @@ bool crypto_derive_pmk_r0(const uint8_t *xxkey,
 	r = true;

 exit:
-	memset(context, 0, pos);
-	memset(output, 0, 48);
+	explicit_bzero(context, pos);
+	explicit_bzero(output, 48);

 	return r;
 }
@ -667,7 +667,7 @@ bool crypto_derive_pmk_r1(const uint8_t *pmk_r0,

 	sha256 = l_checksum_new(L_CHECKSUM_SHA256);
 	if (!sha256) {
-		memset(out_pmk_r1, 0, 32);
+		explicit_bzero(out_pmk_r1, 32);
 		goto exit;
 	}

@ -679,7 +679,7 @@ bool crypto_derive_pmk_r1(const uint8_t *pmk_r0,
 	r = true;

 exit:
-	memset(context, 0, sizeof(context));
+	explicit_bzero(context, sizeof(context));

 	return r;
 }
@ -714,7 +714,7 @@ bool crypto_derive_ft_ptk(const uint8_t *pmk_r1, const uint8_t *pmk_r1_name,

 	sha256 = l_checksum_new(L_CHECKSUM_SHA256);
 	if (!sha256) {
-		memset(out_ptk, 0, ptk_len);
+		explicit_bzero(out_ptk, ptk_len);
 		goto exit;
 	}

@ -726,7 +726,7 @@ bool crypto_derive_ft_ptk(const uint8_t *pmk_r1, const uint8_t *pmk_r1_name,
 	r = true;

 exit:
-	memset(context, 0, sizeof(context));
+	explicit_bzero(context, sizeof(context));

 	return r;
 }
--- a/src/eap-mschapv2.c
+++ b/src/eap-mschapv2.c
@ -194,9 +194,9 @@ static bool eap_mschapv2_reset_state(struct eap_state *eap)

 static void eap_mschapv2_state_free(struct eap_mschapv2_state *state)
 {
-	memset(state->password_hash, 0, sizeof(state->password_hash));
+	explicit_bzero(state->password_hash, sizeof(state->password_hash));

-	memset(state->user, 0, state->user_len);
+	explicit_bzero(state->user, state->user_len);
 	l_free(state->user);
 	state->user_len = 0;

--- a/src/eap-tls-common.c
+++ b/src/eap-tls-common.c
@ -180,7 +180,8 @@ void eap_tls_common_state_free(struct eap_state *eap)
 	l_free(eap_tls->client_key);

 	if (eap_tls->passphrase) {
-		memset(eap_tls->passphrase, 0, strlen(eap_tls->passphrase));
+		explicit_bzero(eap_tls->passphrase,
+				strlen(eap_tls->passphrase));
 		l_free(eap_tls->passphrase);
 	}

--- a/src/eap-ttls.c
+++ b/src/eap-ttls.c
@ -430,7 +430,8 @@ static void eap_ttls_phase2_credentials_destroy(
 		return;

 	if (credentials->password)
-		memset(credentials->password, 0, strlen(credentials->password));
+		explicit_bzero(credentials->password,
+				strlen(credentials->password));

 	l_free(credentials->username);
 	l_free(credentials->password);
@ -587,10 +588,10 @@ static void mschapv2_state_destroy(struct phase2_method *phase2)
 	if (!state)
 		return;

-	memset(state->server_challenge, 0, MSCHAPV2_CHALLENGE_LEN +
+	explicit_bzero(state->server_challenge, MSCHAPV2_CHALLENGE_LEN +
 							CHAP_IDENT_LEN);
-	memset(state->peer_challenge, 0, MSCHAPV2_CHALLENGE_LEN);
-	memset(state->password_hash, 0, 16);
+	explicit_bzero(state->peer_challenge, MSCHAPV2_CHALLENGE_LEN);
+	explicit_bzero(state->password_hash, 16);

 	l_free(state);
 	phase2->state = NULL;
--- a/src/eap.c
+++ b/src/eap.c
@ -404,12 +404,17 @@ void eap_secret_info_free(void *data)
 		return;

 	if (info->value) {
-		memset(info->value, 0, strlen(info->value));
+		size_t value_len = strlen(info->value) + 1;
+
+		if (info->type == EAP_SECRET_REMOTE_USER_PASSWORD)
+			value_len += strlen(info->value + value_len);
+
+		explicit_bzero(info->value, value_len);
 		l_free(info->value);
 	}

 	if (info->parameter) {
-		memset(info->parameter, 0, strlen(info->parameter));
+		explicit_bzero(info->parameter, strlen(info->parameter));
 		l_free(info->parameter);
 	}