HMAC_DRBG: clean stack buffers
Wipe stack buffers that may contain sensitive data (data that
contributes to the DRBG state).
diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c
index 24c609e..40e2b0a 100644
--- a/library/hmac_drbg.c
+++ b/library/hmac_drbg.c
@@ -93,6 +93,8 @@
mbedtls_md_hmac_update( &ctx->md_ctx, ctx->V, md_len );
mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V );
}
+
+ mbedtls_zeroize( K, sizeof( K ) );
}
/*
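Review bot: `mbedtls_zeroize( K, sizeof( K ) );` clears the whole buffer only if `K` is an array declared in this function; if it were a pointer, `sizeof( K )` would cover just the pointer's width. The declaration is above the hunk, so this should be confirmed against the full function body. The wipe would also benefit from a comment saying why it is there, for example `/* K presumably held the intermediate HMAC key, which is DRBG state: do not leave it on the stack */`, so a later cleanup does not drop it as dead code.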
@@ -158,6 +160,7 @@
ctx->reseed_counter = 1;
/* 4. Done */
+ mbedtls_zeroize( seed, seedlen );
return( 0 );
}
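Review bot: The wipe of `seed` sits only on the success path, directly before `return( 0 );`, so any earlier error return taken after entropy has been written into `seed` would leave that material on the stack. The start of the function is outside this hunk, so this needs checking against the full body; if such returns exist, route them through a single exit that runs the wipe. Separately, `seedlen` covers only the bytes counted so far; if `seed` is a local array, `mbedtls_zeroize( seed, sizeof( seed ) );` clears the whole buffer regardless of how much was filled.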