diff options
Diffstat (limited to 'common/fpsensor/fpsensor_crypto.c')
-rw-r--r-- | common/fpsensor/fpsensor_crypto.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/common/fpsensor/fpsensor_crypto.c b/common/fpsensor/fpsensor_crypto.c index 6385b7116d..d5bbd03c38 100644 --- a/common/fpsensor/fpsensor_crypto.c +++ b/common/fpsensor/fpsensor_crypto.c @@ -5,6 +5,7 @@ #include "aes.h" #include "aes-gcm.h" +#include "cryptoc/util.h" #include "fpsensor_crypto.h" #include "fpsensor_private.h" #include "fpsensor_state.h" @@ -77,7 +78,7 @@ static int hkdf_expand_one_step(uint8_t *out_key, size_t out_key_size, hmac_SHA256(key_buf, prk, prk_size, message_buf, info_size + 1); memcpy(out_key, key_buf, out_key_size); - memset(key_buf, 0, sizeof(key_buf)); + always_memset(key_buf, 0, sizeof(key_buf)); return EC_SUCCESS; } @@ -100,7 +101,7 @@ int derive_encryption_key(uint8_t *out_key, const uint8_t *salt) /* "Extract step of HKDF. */ hkdf_extract(prk, salt, FP_CONTEXT_SALT_BYTES, ikm, sizeof(ikm)); - memset(ikm, 0, sizeof(ikm)); + always_memset(ikm, 0, sizeof(ikm)); /* * Only 1 "expand" step of HKDF since the size of the "info" context @@ -109,7 +110,7 @@ int derive_encryption_key(uint8_t *out_key, const uint8_t *salt) */ ret = hkdf_expand_one_step(out_key, SBP_ENC_KEY_LEN, prk, sizeof(prk), (uint8_t *)user_id, sizeof(user_id)); - memset(prk, 0, sizeof(prk)); + always_memset(prk, 0, sizeof(prk)); return ret; } |