authorNikos Mavrogiannopoulos <nmav@redhat.com>2013-11-12 14:24:34 +0100
committerNikos Mavrogiannopoulos <nmav@redhat.com>2013-11-27 11:41:43 +0100
commit54684ed8aefe08e3d8fa49ab21211064c5f7f0f5 (patch)
treefd4fdd2c9049489a4d1cb7b30a5fb3f800c9f0cb /lib/nettle/cipher.c
parentad35a04fe47a97c41c51d2271b01f24be13217b1 (diff)
Added zeroization of keys in several parts within gnutls.
Diffstat (limited to 'lib/nettle/cipher.c')
-rw-r--r--lib/nettle/cipher.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c
index e471ca2a14..4d6692043b 100644
--- a/lib/nettle/cipher.c
+++ b/lib/nettle/cipher.c
@@ -310,6 +310,8 @@ wrap_nettle_cipher_setkey(void *_ctx, const void *key, size_t keysize)
gnutls_assert();
return GNUTLS_E_INTERNAL_ERROR;
}
+ zeroize_temp_key(des_key, sizeof(des_key));
+
break;
case GNUTLS_CIPHER_DES_CBC:
if (keysize != DES_KEY_SIZE) {
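Review bot: The failing branch directly above the added `zeroize_temp_key(des_key, sizeof(des_key));` still returns `GNUTLS_E_INTERNAL_ERROR` without wiping `des_key`, so on that exit the temporary key copy is left on the stack. The next hunk (`@@ -323,6 +325,7 @@`) has the same shape. Adding `zeroize_temp_key(des_key, sizeof(des_key));` before each `return GNUTLS_E_INTERNAL_ERROR;` would cover both exits. The condition guarding that return and the rest of wrap_nettle_cipher_setkey lie outside the hunk, so confirm there that `des_key` is already populated when the error path is taken.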
@@ -323,6 +325,7 @@ wrap_nettle_cipher_setkey(void *_ctx, const void *key, size_t keysize)
gnutls_assert();
return GNUTLS_E_INTERNAL_ERROR;
}
+ zeroize_temp_key(des_key, sizeof(des_key));
break;
case GNUTLS_CIPHER_ARCFOUR_128:
case GNUTLS_CIPHER_ARCFOUR_40:
@@ -424,9 +427,12 @@ static void wrap_nettle_cipher_tag(void *_ctx, void *tag, size_t tagsize)
}
-static void wrap_nettle_cipher_close(void *h)
+static void wrap_nettle_cipher_close(void *_ctx)
{
- gnutls_free(h);
+ struct nettle_cipher_ctx *ctx = _ctx;
+
+ zeroize_temp_key(ctx, sizeof(*ctx));
+ gnutls_free(ctx);
}
gnutls_crypto_cipher_st _gnutls_cipher_ops = {
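Review bot: `wrap_nettle_cipher_close` now hands `_ctx` to `zeroize_temp_key(ctx, sizeof(*ctx))` with no NULL check, whereas the old body was only `gnutls_free(h)`, which presumably tolerates NULL the way free() does. If any caller can close a handle whose initialisation failed, a guard such as `if (ctx == NULL) return;` ahead of the wipe keeps the previous behaviour. Separately, a wipe immediately followed by a free is a typical candidate for dead-store elimination, so confirm that `zeroize_temp_key` (defined outside this diff) is implemented so the compiler cannot drop it.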