diff options
author | Matt Johnston <matt@ucc.asn.au> | 2015-01-04 23:10:59 +0800 |
---|---|---|
committer | Matt Johnston <matt@ucc.asn.au> | 2015-01-04 23:10:59 +0800 |
commit | 3e8ea49bb5454a2a7a506aded05f3cbf7cc2592d (patch) | |
tree | b641d6b40dd01c450c46c351e17fa761a6d35191 /common-kex.c | |
parent | e08a40a68f3dcd4c3cb11d149f2c56d590e4483e (diff) | |
download | dropbear-3e8ea49bb5454a2a7a506aded05f3cbf7cc2592d.tar.gz |
clear hash state memory after use
Diffstat (limited to 'common-kex.c')
-rw-r--r-- | common-kex.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/common-kex.c b/common-kex.c index f5119d2..65746a2 100644 --- a/common-kex.c +++ b/common-kex.c @@ -303,7 +303,7 @@ static void hashkeys(unsigned char *out, unsigned int outlen, hash_desc->done(&hs2, tmpout); memcpy(&out[offset], tmpout, MIN(outlen - offset, hash_desc->hashsize)); } - + m_burn(&hs2, sizeof(hash_state)); } /* Generate the actual encryption/integrity keys, using the results of the @@ -403,6 +403,7 @@ static void gen_new_keys() { m_burn(C2S_key, sizeof(C2S_key)); m_burn(S2C_IV, sizeof(S2C_IV)); m_burn(S2C_key, sizeof(S2C_key)); + m_burn(&hs, sizeof(hash_state)); TRACE(("leave gen_new_keys")) } @@ -798,6 +799,7 @@ static void finish_kexhashbuf(void) { buf_burn(ses.kexhashbuf); buf_free(ses.kexhashbuf); + m_burn(&hs, sizeof(hash_state)); ses.kexhashbuf = NULL; /* first time around, we set the session_id to H */ @@ -805,7 +807,6 @@ static void finish_kexhashbuf(void) { /* create the session_id, this never needs freeing */ ses.session_id = buf_newcopy(ses.hash); } - } /* read the other side's algo list. buf_match_algo is a callback to match |