author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2013-11-12 14:24:34 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2013-11-27 11:41:43 +0100 |
commit | 54684ed8aefe08e3d8fa49ab21211064c5f7f0f5 (patch) | |
tree | fd4fdd2c9049489a4d1cb7b30a5fb3f800c9f0cb /lib/nettle/cipher.c | |
parent | ad35a04fe47a97c41c51d2271b01f24be13217b1 (diff) | |
Added zeroization of keys in several parts within gnutls.
Diffstat (limited to 'lib/nettle/cipher.c')
-rw-r--r-- | lib/nettle/cipher.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c index e471ca2a14..4d6692043b 100644 --- a/lib/nettle/cipher.c +++ b/lib/nettle/cipher.c @@ -310,6 +310,8 @@ wrap_nettle_cipher_setkey(void *_ctx, const void *key, size_t keysize) gnutls_assert(); return GNUTLS_E_INTERNAL_ERROR; } + zeroize_temp_key(des_key, sizeof(des_key)); + break; case GNUTLS_CIPHER_DES_CBC: if (keysize != DES_KEY_SIZE) { @@ -323,6 +325,7 @@ wrap_nettle_cipher_setkey(void *_ctx, const void *key, size_t keysize) gnutls_assert(); return GNUTLS_E_INTERNAL_ERROR; } + zeroize_temp_key(des_key, sizeof(des_key)); break; case GNUTLS_CIPHER_ARCFOUR_128: case GNUTLS_CIPHER_ARCFOUR_40: @@ -424,9 +427,12 @@ static void wrap_nettle_cipher_tag(void *_ctx, void *tag, size_t tagsize) } -static void wrap_nettle_cipher_close(void *h) +static void wrap_nettle_cipher_close(void *_ctx) { - gnutls_free(h); + struct nettle_cipher_ctx *ctx = _ctx; + + zeroize_temp_key(ctx, sizeof(*ctx)); + gnutls_free(ctx); } gnutls_crypto_cipher_st _gnutls_cipher_ops = { |
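Review bot: In wrap_nettle_cipher_setkey the new wipe sits after the failure branch in both DES cases, so the `return GNUTLS_E_INTERNAL_ERROR;` directly above each added line exits without clearing `des_key`. If that buffer already holds key material at that point (the condition and the code that fills it are outside the hunks, so this is inferred), the error path leaves a key copy on the stack. Adding `zeroize_temp_key(des_key, sizeof(des_key));` before that return in both the 3DES and the DES case would close it. `zeroize_temp_key` is defined outside this diff, so it is also worth confirming that it expands to a wipe the compiler cannot drop as a dead store on a local that is about to go out of scope. The function body starts and ends outside both hunks.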
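Review bot: wrap_nettle_cipher_close now hands `ctx` to `zeroize_temp_key` before freeing it with no NULL check, where the old body only called `gnutls_free(h)`. If a caller can reach close with a NULL handle (not visible here) and the wipe writes through the pointer, a call that was presumably harmless becomes a NULL write. Adding `if (ctx == NULL) return;` ahead of the wipe keeps the previous tolerance. A one-line comment such as `/* clear key-dependent state before the memory goes back to the allocator */` would record why the whole struct is wiped rather than just freed.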