Explicitly clear temporary stack buffer in hmac_sha256_kdf()

The local T[] buffer may contain parts of the derived key, so clear it
explicitly to minimize number of unnecessary copies of key material in
memory.

Signed-off-by: Jouni Malinen <j@w1.fi>

src/crypto/sha256-kdf.c

@@ -61,6 +61,7 @@ int hmac_sha256_kdf(const u8 *secret, size_t secret_len,
 
 		if (iter == 255) {
 			os_memset(out, 0, outlen);
+			os_memset(T, 0, SHA256_MAC_LEN);
 			return -1;
 		}
 		iter++;
@@ -68,9 +69,11 @@ int hmac_sha256_kdf(const u8 *secret, size_t secret_len,
 		if (hmac_sha256_vector(secret, secret_len, 4, addr, len, T) < 0)
 		{
 			os_memset(out, 0, outlen);
+			os_memset(T, 0, SHA256_MAC_LEN);
 			return -1;
 		}
 	}
 
+	os_memset(T, 0, SHA256_MAC_LEN);
 	return 0;
 }