diff options
author | Geir Istad <gistad@cisco.com> | 2017-03-07 15:13:14 +0100 |
---|---|---|
committer | Geir Istad <gistad@cisco.com> | 2017-03-07 15:13:14 +0100 |
commit | 44d0da45a6ba1273d817f32226d77c6f86f96302 (patch) | |
tree | d3c2b1597b4ee76d420649f2cceb6d3215252861 /srtp | |
parent | 4536481fcbefcc5cb0a732f39ffbbb5bf259189c (diff) | |
download | libsrtp2-44d0da45a6ba1273d817f32226d77c6f86f96302.tar.gz |
srtp.c: srtp_stream_init_keys() clear secrets
A couple of places there were early returns that did not clean up a temp
key.
Diffstat (limited to 'srtp')
-rw-r--r-- | srtp/srtp.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/srtp/srtp.c b/srtp/srtp.c index 43f8a1c..6decdde 100644 --- a/srtp/srtp.c +++ b/srtp/srtp.c @@ -944,6 +944,8 @@ srtp_stream_init_keys(srtp_stream_ctx_t *srtp, srtp_master_key_t *master_key, stat = srtp_kdf_init(&kdf, (const uint8_t *)tmp_key, kdf_keylen); #endif if (stat) { + /* zeroize temp buffer */ + octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); return srtp_err_status_init_fail; } @@ -1016,6 +1018,8 @@ srtp_stream_init_keys(srtp_stream_ctx_t *srtp, srtp_master_key_t *master_key, #endif octet_string_set_to_zero(tmp_xtn_hdr_key, MAX_SRTP_KEY_LEN); if (stat) { + /* zeroize temp buffer */ + octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); return srtp_err_status_init_fail; } } else { @@ -1069,6 +1073,7 @@ srtp_stream_init_keys(srtp_stream_ctx_t *srtp, srtp_master_key_t *master_key, /* release memory for custom header extension encryption kdf */ stat = srtp_kdf_clear(xtn_hdr_kdf); if (stat) { + /* zeroize temp buffer */ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); return srtp_err_status_init_fail; } |