diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2013-11-12 14:24:34 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2013-11-27 11:41:43 +0100 |
commit | 54684ed8aefe08e3d8fa49ab21211064c5f7f0f5 (patch) | |
tree | fd4fdd2c9049489a4d1cb7b30a5fb3f800c9f0cb | |
parent | ad35a04fe47a97c41c51d2271b01f24be13217b1 (diff) | |
download | gnutls-54684ed8aefe08e3d8fa49ab21211064c5f7f0f5.tar.gz |
Added zeroization of keys in several parts within gnutls.
-rw-r--r-- | lib/auth/dh_common.c | 22 | ||||
-rw-r--r-- | lib/auth/dhe_psk.c | 8 | ||||
-rw-r--r-- | lib/auth/ecdhe.c | 2 | ||||
-rw-r--r-- | lib/auth/psk.c | 6 | ||||
-rw-r--r-- | lib/auth/psk_passwd.c | 1 | ||||
-rw-r--r-- | lib/auth/rsa_psk.c | 8 | ||||
-rw-r--r-- | lib/auth/srp.c | 20 | ||||
-rw-r--r-- | lib/auth/srp_passwd.c | 4 | ||||
-rw-r--r-- | lib/gnutls_datum.h | 27 | ||||
-rw-r--r-- | lib/gnutls_kx.c | 2 | ||||
-rw-r--r-- | lib/gnutls_state.c | 31 | ||||
-rw-r--r-- | lib/nettle/cipher.c | 10 | ||||
-rw-r--r-- | lib/nettle/mac.c | 7 |
13 files changed, 93 insertions, 55 deletions
diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c index 1efb4a2771..745787c25a 100644 --- a/lib/auth/dh_common.c +++ b/lib/auth/dh_common.c @@ -81,7 +81,7 @@ _gnutls_proc_dh_common_client_kx(gnutls_session_t session, return gnutls_assert_val(ret); _gnutls_mpi_release(&session->key.client_Y); - _gnutls_mpi_release(&session->key.dh_secret); + zrelease_temp_mpi_key(&session->key.dh_secret); if (psk_key == NULL) { @@ -100,11 +100,11 @@ _gnutls_proc_dh_common_client_kx(gnutls_session_t session, ret = _gnutls_set_psk_session_key(session, psk_key, &tmp_dh_key); - _gnutls_free_datum(&tmp_dh_key); + _gnutls_zfree_datum(&tmp_dh_key); } - _gnutls_mpi_release(&session->key.KEY); + zrelease_temp_mpi_key(&session->key.KEY); if (ret < 0) { return ret; @@ -124,10 +124,10 @@ _gnutls_gen_dh_common_client_kx_int(gnutls_session_t session, gnutls_buffer_st * data, gnutls_datum_t * pskkey) { - bigint_t x = NULL, X = NULL; + bigint_t x = NULL, Y = NULL; int ret; - ret = gnutls_calc_dh_secret(&X, &x, session->key.client_g, + ret = gnutls_calc_dh_secret(&Y, &x, session->key.client_g, session->key.client_p, 0); if (ret < 0) { gnutls_assert(); @@ -136,7 +136,7 @@ _gnutls_gen_dh_common_client_kx_int(gnutls_session_t session, _gnutls_dh_set_secret_bits(session, _gnutls_mpi_get_nbits(x)); - ret = _gnutls_buffer_append_mpi(data, 16, X, 0); + ret = _gnutls_buffer_append_mpi(data, 16, Y, 0); if (ret < 0) { gnutls_assert(); goto error; @@ -175,10 +175,10 @@ _gnutls_gen_dh_common_client_kx_int(gnutls_session_t session, ret = _gnutls_set_psk_session_key(session, pskkey, &tmp_dh_key); - _gnutls_free_datum(&tmp_dh_key); + _gnutls_zfree_datum(&tmp_dh_key); } - _gnutls_mpi_release(&session->key.KEY); + zrelease_temp_mpi_key(&session->key.KEY); if (ret < 0) { gnutls_assert(); @@ -188,8 +188,8 @@ _gnutls_gen_dh_common_client_kx_int(gnutls_session_t session, ret = data->length; error: - _gnutls_mpi_release(&x); - _gnutls_mpi_release(&X); + zrelease_temp_mpi_key(&x); + _gnutls_mpi_release(&Y); return ret; } @@ -314,7 +314,7 @@ _gnutls_dh_common_print_server_kx(gnutls_session_t session, } ret = data->length; - cleanup: +cleanup: _gnutls_mpi_release(&Y); return ret; diff --git a/lib/auth/dhe_psk.c b/lib/auth/dhe_psk.c index 08dc3ef8cc..7c8b14c5fa 100644 --- a/lib/auth/dhe_psk.c +++ b/lib/auth/dhe_psk.c @@ -131,7 +131,7 @@ gen_ecdhe_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data) cleanup: if (free) { _gnutls_free_datum(&username); - _gnutls_free_datum(&key); + _gnutls_zfree_datum(&key); } return ret; @@ -175,7 +175,7 @@ gen_dhe_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data) cleanup: if (free) { _gnutls_free_datum(&username); - _gnutls_free_datum(&key); + _gnutls_zfree_datum(&key); } return ret; @@ -328,7 +328,7 @@ proc_dhe_psk_client_kx(gnutls_session_t session, uint8_t * data, ret = _gnutls_proc_dh_common_client_kx(session, data, data_size, g, p, &psk_key); - _gnutls_free_datum(&psk_key); + _gnutls_zfree_datum(&psk_key); return ret; @@ -393,7 +393,7 @@ proc_ecdhe_psk_client_kx(gnutls_session_t session, uint8_t * data, _gnutls_session_ecc_curve_get (session), &psk_key); - _gnutls_free_datum(&psk_key); + _gnutls_zfree_datum(&psk_key); return ret; } diff --git a/lib/auth/ecdhe.c b/lib/auth/ecdhe.c index 8e8abbe498..cccedc0d43 100644 --- a/lib/auth/ecdhe.c +++ b/lib/auth/ecdhe.c @@ -115,7 +115,7 @@ static int calc_ecdh_key(gnutls_session_t session, ret = _gnutls_set_psk_session_key(session, psk_key, &tmp_dh_key); - _gnutls_free_datum(&tmp_dh_key); + _gnutls_zfree_datum(&tmp_dh_key); } if (ret < 0) { diff --git a/lib/auth/psk.c b/lib/auth/psk.c index 828ded4ff8..710410b27c 100644 --- a/lib/auth/psk.c +++ b/lib/auth/psk.c @@ -104,7 +104,7 @@ _gnutls_set_psk_session_key(gnutls_session_t session, ret = 0; error: - _gnutls_free_datum(&pwd_psk); + _gnutls_zfree_datum(&pwd_psk); return ret; } @@ -190,7 +190,7 @@ _gnutls_gen_psk_client_kx(gnutls_session_t session, cleanup: if (free) { gnutls_free(username.data); - gnutls_free(key.data); + _gnutls_zfree_datum(&key); } return ret; @@ -258,7 +258,7 @@ _gnutls_proc_psk_client_kx(gnutls_session_t session, uint8_t * data, ret = 0; error: - _gnutls_free_datum(&psk_key); + _gnutls_zfree_datum(&psk_key); return ret; } diff --git a/lib/auth/psk_passwd.c b/lib/auth/psk_passwd.c index 0212c50b3e..23c3f41566 100644 --- a/lib/auth/psk_passwd.c +++ b/lib/auth/psk_passwd.c @@ -202,6 +202,7 @@ _gnutls_psk_pwd_find_entry(gnutls_session_t session, char *username, cleanup: if (fd != NULL) fclose(fd); + free(line); return ret; diff --git a/lib/auth/rsa_psk.c b/lib/auth/rsa_psk.c index 23ff898bcd..c9bf5f4c3f 100644 --- a/lib/auth/rsa_psk.c +++ b/lib/auth/rsa_psk.c @@ -240,9 +240,9 @@ _gnutls_gen_rsa_psk_client_kx(gnutls_session_t session, cleanup: _gnutls_free_datum(&sdata); - _gnutls_free_datum(&premaster_secret); + _gnutls_zfree_datum(&premaster_secret); if (free) { - gnutls_free(key.data); + _gnutls_zfree_datum(&key); gnutls_free(username.data); } @@ -399,8 +399,8 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data, ret = 0; cleanup: - _gnutls_free_datum(&pwd_psk); - _gnutls_free_datum(&premaster_secret); + _gnutls_zfree_datum(&pwd_psk); + _gnutls_zfree_datum(&premaster_secret); return ret; } diff --git a/lib/auth/srp.c b/lib/auth/srp.c index d5a0af3618..ae30cd4ed7 100644 --- a/lib/auth/srp.c +++ b/lib/auth/srp.c @@ -304,13 +304,13 @@ _gnutls_gen_srp_client_kx(gnutls_session_t session, _gnutls_mpi_log("SRP B: ", B); - _gnutls_mpi_release(&_b); - _gnutls_mpi_release(&V); - _gnutls_mpi_release(&session->key.u); - _gnutls_mpi_release(&B); + zrelease_temp_mpi_key(&_b); + zrelease_temp_mpi_key(&V); + zrelease_temp_mpi_key(&session->key.u); + zrelease_temp_mpi_key(&B); ret = _gnutls_mpi_dprint(session->key.KEY, &session->key.key); - _gnutls_mpi_release(&S); + zrelease_temp_mpi_key(&S); if (ret < 0) { gnutls_assert(); @@ -379,13 +379,13 @@ _gnutls_proc_srp_client_kx(gnutls_session_t session, uint8_t * data, _gnutls_mpi_log("SRP S: ", S); _gnutls_mpi_release(&A); - _gnutls_mpi_release(&_b); - _gnutls_mpi_release(&V); - _gnutls_mpi_release(&session->key.u); - _gnutls_mpi_release(&B); + zrelease_temp_mpi_key(&_b); + zrelease_temp_mpi_key(&V); + zrelease_temp_mpi_key(&session->key.u); + zrelease_temp_mpi_key(&B); ret = _gnutls_mpi_dprint(session->key.KEY, &session->key.key); - _gnutls_mpi_release(&S); + zrelease_temp_mpi_key(&S); if (ret < 0) { gnutls_assert(); diff --git a/lib/auth/srp_passwd.c b/lib/auth/srp_passwd.c index 662a7ba1d6..04aa349390 100644 --- a/lib/auth/srp_passwd.c +++ b/lib/auth/srp_passwd.c @@ -115,7 +115,7 @@ static int parse_tpasswd_values(SRP_PWD_ENTRY * entry, char *str) entry->username = gnutls_strdup(str); if (entry->username == NULL) { _gnutls_free_datum(&entry->salt); - _gnutls_free_datum(&entry->v); + _gnutls_zfree_datum(&entry->v); gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } @@ -426,7 +426,7 @@ static int _randomize_pwd_entry(SRP_PWD_ENTRY * entry) */ void _gnutls_srp_entry_free(SRP_PWD_ENTRY * entry) { - _gnutls_free_datum(&entry->v); + _gnutls_zfree_datum(&entry->v); _gnutls_free_datum(&entry->salt); if ((entry->g.data != gnutls_srp_1024_group_generator.data) diff --git a/lib/gnutls_datum.h b/lib/gnutls_datum.h index 9397408047..91293e6516 100644 --- a/lib/gnutls_datum.h +++ b/lib/gnutls_datum.h @@ -29,6 +29,31 @@ int _gnutls_set_datum(gnutls_datum_t * dat, const void *data, int _gnutls_datum_append(gnutls_datum_t * dat, const void *data, size_t data_size); -void _gnutls_free_datum(gnutls_datum_t * dat); + +inline static +void _gnutls_free_datum(gnutls_datum_t * dat) +{ + if (dat->data != NULL) + gnutls_free(dat->data); + + dat->data = NULL; + dat->size = 0; +} + +#ifdef ENABLE_FIPS140 +inline static +void _gnutls_zfree_datum(gnutls_datum_t * dat) +{ + if (dat->data != NULL) { + memset(dat->data, 0, dat->size); + gnutls_free(dat->data); + } + + dat->data = NULL; + dat->size = 0; +} +#else +# define _gnutls_zfree_datum _gnutls_free_datum +#endif #endif diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c index 778783bf5c..4d68f06581 100644 --- a/lib/gnutls_kx.c +++ b/lib/gnutls_kx.c @@ -150,7 +150,7 @@ generate_normal_master(gnutls_session_t session, } if (!keep_premaster) - _gnutls_free_datum(premaster); + _gnutls_zfree_datum(premaster); if (ret < 0) return ret; diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c index 21a8f99cee..d1a5646885 100644 --- a/lib/gnutls_state.c +++ b/lib/gnutls_state.c @@ -467,26 +467,27 @@ void gnutls_deinit(gnutls_session_t session) _gnutls_selected_certs_deinit(session); gnutls_pk_params_release(&session->key.ecdh_params); - _gnutls_mpi_release(&session->key.ecdh_x); - _gnutls_mpi_release(&session->key.ecdh_y); + zrelease_temp_mpi_key(&session->key.ecdh_x); + zrelease_temp_mpi_key(&session->key.ecdh_y); - _gnutls_mpi_release(&session->key.KEY); - _gnutls_mpi_release(&session->key.client_Y); - _gnutls_mpi_release(&session->key.client_p); - _gnutls_mpi_release(&session->key.client_g); + zrelease_temp_mpi_key(&session->key.KEY); + zrelease_temp_mpi_key(&session->key.client_Y); + zrelease_temp_mpi_key(&session->key.client_p); + zrelease_temp_mpi_key(&session->key.client_g); - _gnutls_mpi_release(&session->key.u); - _gnutls_mpi_release(&session->key.a); - _gnutls_mpi_release(&session->key.x); - _gnutls_mpi_release(&session->key.A); - _gnutls_mpi_release(&session->key.B); - _gnutls_mpi_release(&session->key.b); + zrelease_temp_mpi_key(&session->key.u); + zrelease_temp_mpi_key(&session->key.a); + zrelease_temp_mpi_key(&session->key.x); + zrelease_temp_mpi_key(&session->key.A); + zrelease_temp_mpi_key(&session->key.B); + zrelease_temp_mpi_key(&session->key.b); /* RSA */ - _gnutls_mpi_release(&session->key.rsa[0]); - _gnutls_mpi_release(&session->key.rsa[1]); + zrelease_temp_mpi_key(&session->key.rsa[0]); + zrelease_temp_mpi_key(&session->key.rsa[1]); - _gnutls_mpi_release(&session->key.dh_secret); + zrelease_temp_mpi_key(&session->key.dh_secret); + _gnutls_zfree_datum(&session->key.key); gnutls_free(session); } diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c index e471ca2a14..4d6692043b 100644 --- a/lib/nettle/cipher.c +++ b/lib/nettle/cipher.c @@ -310,6 +310,8 @@ wrap_nettle_cipher_setkey(void *_ctx, const void *key, size_t keysize) gnutls_assert(); return GNUTLS_E_INTERNAL_ERROR; } + zeroize_temp_key(des_key, sizeof(des_key)); + break; case GNUTLS_CIPHER_DES_CBC: if (keysize != DES_KEY_SIZE) { @@ -323,6 +325,7 @@ wrap_nettle_cipher_setkey(void *_ctx, const void *key, size_t keysize) gnutls_assert(); return GNUTLS_E_INTERNAL_ERROR; } + zeroize_temp_key(des_key, sizeof(des_key)); break; case GNUTLS_CIPHER_ARCFOUR_128: case GNUTLS_CIPHER_ARCFOUR_40: @@ -424,9 +427,12 @@ static void wrap_nettle_cipher_tag(void *_ctx, void *tag, size_t tagsize) } -static void wrap_nettle_cipher_close(void *h) +static void wrap_nettle_cipher_close(void *_ctx) { - gnutls_free(h); + struct nettle_cipher_ctx *ctx = _ctx; + + zeroize_temp_key(ctx, sizeof(*ctx)); + gnutls_free(ctx); } gnutls_crypto_cipher_st _gnutls_cipher_ops = { diff --git a/lib/nettle/mac.c b/lib/nettle/mac.c index a2e68811fd..73e8c8f18f 100644 --- a/lib/nettle/mac.c +++ b/lib/nettle/mac.c @@ -183,6 +183,8 @@ static int wrap_nettle_mac_fast(gnutls_mac_algorithm_t algo, ctx.set_key(&ctx, key_size, key); ctx.update(&ctx, text_size, text); ctx.digest(&ctx, ctx.length, digest); + + zeroize_temp_key(&ctx, sizeof(ctx)); return 0; } @@ -278,7 +280,10 @@ wrap_nettle_mac_output(void *src_ctx, void *digest, size_t digestsize) static void wrap_nettle_mac_deinit(void *hd) { - gnutls_free(hd); + struct nettle_mac_ctx *ctx = hd; + + zeroize_temp_key(ctx, sizeof(*ctx)); + gnutls_free(ctx); } /* Hash functions |