Diffstat (limited to 'lib')
-rw-r--r-- | lib/auth/psk_passwd.c | 12 | ||||
-rw-r--r-- | lib/auth/srp_passwd.c | 22 | ||||
-rw-r--r-- | lib/cert-cred-rawpk.c | 13 | ||||
-rw-r--r-- | lib/cert-cred-x509.c | 10 | ||||
-rw-r--r-- | lib/datum.h | 8 | ||||
-rw-r--r-- | lib/file.c | 14 | ||||
-rw-r--r-- | lib/fips.c | 2 | ||||
-rw-r--r-- | lib/gnutls_int.h | 22 | ||||
-rw-r--r-- | lib/kx.c | 2 | ||||
-rw-r--r-- | lib/pkcs11.c | 2 | ||||
-rw-r--r-- | lib/priority.c | 10 | ||||
-rw-r--r-- | lib/verify-tofu.c | 34 | ||||
-rw-r--r-- | lib/x509/verify-high2.c | 6 |
13 files changed, 80 insertions, 77 deletions
diff --git a/lib/auth/psk_passwd.c b/lib/auth/psk_passwd.c
index a0427914f9..9a9d68c488 100644
--- a/lib/auth/psk_passwd.c
+++ b/lib/auth/psk_passwd.c
@@ -155,7 +155,7 @@ _gnutls_psk_pwd_find_entry(gnutls_session_t session,
 gnutls_datum_t * psk)
 {
 gnutls_psk_server_credentials_t cred;
- FILE *fd;
+ FILE *fp;
 char *line = NULL;
 size_t line_size = 0;
 int ret;
@@ -203,13 +203,13 @@ _gnutls_psk_pwd_find_entry(gnutls_session_t session,
 /* Open the selected password file. */
- fd = fopen(cred->password_file, "r");
- if (fd == NULL) {
+ fp = fopen(cred->password_file, "re");
+ if (fp == NULL) {
 gnutls_assert();
 return GNUTLS_E_SRP_PWD_ERROR;
 }
- while (getline(&line, &line_size, fd) > 0) {
+ while (getline(&line, &line_size, fp) > 0) {
 if (username_matches(&username_datum, line, line_size)) {
 ret = pwd_put_values(psk, line);
 if (ret < 0) {
@@ -231,8 +231,8 @@ _gnutls_psk_pwd_find_entry(gnutls_session_t session,
 ret = 0;
 cleanup:
- if (fd != NULL)
- fclose(fd);
+ if (fp != NULL)
+ fclose(fp);
 zeroize_key(line, line_size);
 free(line);
diff --git a/lib/auth/srp_passwd.c b/lib/auth/srp_passwd.c
index baa4086e77..49039a66e7 100644
--- a/lib/auth/srp_passwd.c
+++ b/lib/auth/srp_passwd.c
@@ -193,7 +193,7 @@ static int parse_tpasswd_conf_values(SRP_PWD_ENTRY * entry, char *str)
 static int
 pwd_read_conf(const char *pconf_file, SRP_PWD_ENTRY * entry, int idx)
 {
- FILE *fd;
+ FILE *fp;
 char *line = NULL;
 size_t line_size = 0;
 unsigned i, len;
@@ -202,14 +202,14 @@ pwd_read_conf(const char *pconf_file, SRP_PWD_ENTRY * entry, int idx)
 snprintf(indexstr, sizeof(indexstr), "%u", (unsigned int) idx);
- fd = fopen(pconf_file, "r");
- if (fd == NULL) {
+ fp = fopen(pconf_file, "re");
+ if (fp == NULL) {
 gnutls_assert();
 return GNUTLS_E_FILE_ERROR;
 }
 len = strlen(indexstr);
- while (getline(&line, &line_size, fd) > 0) {
+ while (getline(&line, &line_size, fp) > 0) {
 /* move to first ':' */
 i = 0;
 while ((i < line_size) && (line[i] != ':') 
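Review bot: `FILE *fp;` in the -155 hunk is declared without an initializer, yet the cleanup block in the -231 hunk tests `fp != NULL` before `fclose(fp)`; the only fopen-failure path visible (the -203 hunk) returns directly, so the guard only makes sense if cleanup can be reached before fopen runs, and on such a path the test reads an indeterminate pointer. Initialize it the way the srp counterpart `_gnutls_srp_pwd_read_entry` does: `FILE *fp = NULL;`. The lines between the declaration and the fopen are outside the hunk, so whether such a path actually exists cannot be confirmed from here.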
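Review bot: The `"re"` mode string in the -203 hunk relies on the `e` (O_CLOEXEC) flag, a glibc extension only recently adopted by POSIX; a libc that rejects or stops parsing at an unknown mode character makes the open fail or silently drops the flag, and the same string is introduced in srp_passwd.c, file.c, fips.c, gnutls_int.h, pkcs11.c, priority.c and verify-tofu.c. If the build already pulls in gnulib's `fopen-gnu` module this is covered; otherwise the assumption deserves a comment at the first use, e.g. `/* "e" = O_CLOEXEC; glibc extension, emulated by gnulib fopen-gnu elsewhere */`. Either way, a one-line note in the commit message saying which fallback is relied on would save the next reader the search.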
@@ -234,7 +234,7 @@ pwd_read_conf(const char *pconf_file, SRP_PWD_ENTRY * entry, int idx)
 cleanup:
 zeroize_key(line, line_size);
 free(line);
- fclose(fd);
+ fclose(fp);
 return ret;
 }
@@ -244,7 +244,7 @@ _gnutls_srp_pwd_read_entry(gnutls_session_t state, char *username,
 SRP_PWD_ENTRY ** _entry)
 {
 gnutls_srp_server_credentials_t cred;
- FILE *fd = NULL;
+ FILE *fp = NULL;
 char *line = NULL;
 size_t line_size = 0;
 unsigned i, len;
@@ -308,15 +308,15 @@ _gnutls_srp_pwd_read_entry(gnutls_session_t state, char *username,
 /* Open the selected password file. */
- fd = fopen(cred->password_file, "r");
- if (fd == NULL) {
+ fp = fopen(cred->password_file, "re");
+ if (fp == NULL) {
 gnutls_assert();
 ret = GNUTLS_E_SRP_PWD_ERROR;
 goto cleanup;
 }
 len = strlen(username);
- while (getline(&line, &line_size, fd) > 0) {
+ while (getline(&line, &line_size, fp) > 0) {
 /* move to first ':' */
 i = 0;
 while ((i < line_size) && (line[i] != '\0')
@@ -372,8 +372,8 @@ found:
 zeroize_key(line, line_size);
 free(line);
 }
- if (fd)
- fclose(fd);
+ if (fp)
+ fclose(fp);
 return ret;
 }
diff --git a/lib/cert-cred-rawpk.c b/lib/cert-cred-rawpk.c
index cfa65eb318..56bc5f6584 100644
--- a/lib/cert-cred-rawpk.c
+++ b/lib/cert-cred-rawpk.c
@@ -239,8 +239,6 @@ int gnutls_certificate_set_rawpk_key_file(gnutls_certificate_credentials_t cred,
 gnutls_privkey_t privkey;
 gnutls_pubkey_t pubkey;
 gnutls_pcert_st* pcert;
- gnutls_datum_t rawpubkey = { NULL, 0 }; // to hold rawpk data from file
- size_t key_size;
 gnutls_str_array_t str_names;
 unsigned int i;
@@ -291,8 +289,13 @@ int gnutls_certificate_set_rawpk_key_file(gnutls_certificate_credentials_t cred,
 }
 } else {
+ gnutls_datum_t rawpubkey; // to hold rawpk data from file
+ size_t key_size;
+ /* Read our raw public-key into memory from file */
- rawpubkey.data = (void*) read_binary_file(rawpkfile, &key_size);
+ rawpubkey.data = (void*) read_file(rawpkfile,
+ RF_BINARY | RF_SENSITIVE,
+ &key_size);
 if (rawpubkey.data == NULL) {
 gnutls_privkey_deinit(privkey);
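Review bot: The block-scoped `gnutls_datum_t rawpubkey;` in the -291 hunk of cert-cred-rawpk.c drops the `{ NULL, 0 }` initializer the deleted file-scope declaration had, and the hunk assigns only `.data`; the -307 hunk then passes `rawpubkey.size` to `zeroize_key`. If `.size` is set from `key_size` in the lines between the two hunks this is fine, but if not, the zeroize runs with an indeterminate length. `gnutls_datum_t rawpubkey = { NULL, 0 };` costs nothing and keeps the datum well-defined regardless of what the intervening lines do. The enclosing function starts and ends outside the hunk.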
@@ -307,7 +310,9 @@ int gnutls_certificate_set_rawpk_key_file(gnutls_certificate_credentials_t cred,
 ret = gnutls_pcert_import_rawpk_raw(pcert, &rawpubkey, format, key_usage, 0);
- _gnutls_free_datum(&rawpubkey);
+ zeroize_key(rawpubkey.data, rawpubkey.size);
+ free(rawpubkey.data);
+ rawpubkey.size = 0;
 if (ret < 0) {
 gnutls_privkey_deinit(privkey);
diff --git a/lib/cert-cred-x509.c b/lib/cert-cred-x509.c
index 4e86a59ba6..04aa3169b6 100644
--- a/lib/cert-cred-x509.c
+++ b/lib/cert-cred-x509.c
@@ -543,7 +543,7 @@ read_cert_file(gnutls_certificate_credentials_t res,
 return read_cert_url(res, key, certfile);
 }
- data = read_binary_file(certfile, &size);
+ data = read_file(certfile, RF_BINARY, &size);
 if (data == NULL) {
 gnutls_assert();
@@ -588,7 +588,7 @@ _gnutls_read_key_file(gnutls_certificate_credentials_t res,
 (GNUTLS_E_UNIMPLEMENTED_FEATURE);
 }
- data = read_binary_file(keyfile, &size);
+ data = read_file(keyfile, RF_BINARY | RF_SENSITIVE, &size);
 if (data == NULL) {
 gnutls_assert();
@@ -596,6 +596,7 @@ _gnutls_read_key_file(gnutls_certificate_credentials_t res,
 }
 ret = _gnutls_read_key_mem(res, data, size, type, pass, flags, rkey);
+ zeroize_key(data, size);
 free(data);
 return ret;
@@ -1447,7 +1448,8 @@ int
 size_t size;
 int ret;
- p12blob.data = (void *) read_binary_file(pkcs12file, &size);
+ p12blob.data = (void *) read_file(pkcs12file, RF_BINARY | RF_SENSITIVE,
+ &size);
 p12blob.size = (unsigned int) size;
 if (p12blob.data == NULL) {
 gnutls_assert();
@@ -1457,7 +1459,9 @@ int
 ret = gnutls_certificate_set_x509_simple_pkcs12_mem(res, &p12blob, type, password);
+ zeroize_key(p12blob.data, p12blob.size);
 free(p12blob.data);
+ p12blob.size = 0;
 return ret;
 }
diff --git a/lib/datum.h b/lib/datum.h
index 3d86a0dc72..35b9e3b97c 100644
--- a/lib/datum.h
+++ b/lib/datum.h
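Review bot: The `zeroize_key`/`free`/`.size = 0` triple added in the -307 hunk is repeated in the pkcs12 hunk of cert-cred-x509.c (-1457), and in both places `.data` is left pointing at freed memory while `.size` is reset, which is only half a reset. Either drop the size assignment (neither datum is used again in the visible lines) or reset both fields, e.g. `rawpubkey.data = NULL;` right after the `free`. A small static helper taking a `gnutls_datum_t *` that zeroizes, frees and clears both fields would keep the two sites from drifting; `_gnutls_free_key_datum` from datum.h should not be assumed reusable, since the existing code releases this buffer with plain `free` rather than `gnutls_free`.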
@@ -28,13 +28,13 @@
 /* This will copy the provided data in @dat. If the provided data are
 * NULL or zero-size @dat will be NULL as well. */
-attr_warn_unused_result attr_nonnull((1))
+NODISCARD ATTRIBUTE_NONNULL((1))
 int _gnutls_set_datum(gnutls_datum_t * dat, const void *data, size_t data_size);
 /* This will always return a non-NULL, and zero-terminated string in @dat. */
-attr_warn_unused_result attr_nonnull((1))
+NODISCARD ATTRIBUTE_NONNULL((1))
 int _gnutls_set_strdatum(gnutls_datum_t * dat, const void *data, size_t data_size);
@@ -48,7 +48,7 @@ void _gnutls_free_datum(gnutls_datum_t * dat)
 }
 }
-inline static attr_nonnull_all
+inline static ATTRIBUTE_NONNULL()
 void _gnutls_free_temp_key_datum(gnutls_datum_t * dat)
 {
 if (dat->data != NULL) {
@@ -59,7 +59,7 @@ void _gnutls_free_temp_key_datum(gnutls_datum_t * dat)
 dat->size = 0;
 }
-inline static attr_nonnull_all
+inline static ATTRIBUTE_NONNULL()
 void _gnutls_free_key_datum(gnutls_datum_t * dat)
 {
 if (dat->data != NULL) {
diff --git a/lib/file.c b/lib/file.c
index cec1281bd1..3ded84913b 100644
--- a/lib/file.c
+++ b/lib/file.c
@@ -27,13 +27,13 @@ int _gnutls_file_exists(const char *file)
 {
- FILE *fd;
+ FILE *fp;
- fd = fopen(file, "r");
- if (fd == NULL)
+ fp = fopen(file, "re");
+ if (fp == NULL)
 return -1;
- fclose(fd);
+ fclose(fp);
 return 0;
 }
@@ -46,6 +46,10 @@ int _gnutls_file_exists(const char *file)
 * zero terminated but the terminating null is not included in length.
 * The returned data are allocated using gnutls_malloc().
 *
+ * Note that this function is not designed for reading sensitive materials,
+ * such as private keys, on practical applications. When the reading fails
+ * in the middle, the partially loaded content might remain on memory.
+ *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
 * an error code is returned.
 * 
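Review bot: The paragraph added to the `gnutls_load_file` doc comment in the -46 hunk of file.c reads awkwardly: "on practical applications" and "remain on memory" should be "in practical applications" and "remain in memory", and "material" is the usual uncountable form. Suggested text: ` * Note that this function is not designed for reading sensitive material,` / ` * such as private keys, in practical applications. When the read fails` / ` * part way through, the partially loaded content may remain in memory.` The caveat itself is worth keeping, since the -55 hunk reads with `RF_BINARY` only and callers of this public function cannot opt into the sensitive path.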
@@ -55,7 +59,7 @@ int gnutls_load_file(const char *filename, gnutls_datum_t * data)
 {
 size_t len;
- data->data = (void *) read_binary_file(filename, &len);
+ data->data = (void *) read_file(filename, RF_BINARY, &len);
 if (data->data == NULL)
 return GNUTLS_E_FILE_ERROR;
diff --git a/lib/fips.c b/lib/fips.c
index 75f26f629e..acdd2ec23e 100644
--- a/lib/fips.c
+++ b/lib/fips.c
@@ -93,7 +93,7 @@ unsigned _gnutls_fips_mode_enabled(void)
 goto exit;
 }
- fd = fopen(FIPS_KERNEL_FILE, "r");
+ fd = fopen(FIPS_KERNEL_FILE, "re");
 if (fd != NULL) {
 f1p = fgetc(fd);
 fclose(fd);
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 9959c82202..4db7a2534d 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -55,6 +55,8 @@ typedef int ssize_t;
 #include <nettle/memxor.h>
+#include "attribute.h"
+
 #define ENABLE_ALIGN16
 #ifdef __clang_major
@@ -76,26 +78,6 @@ typedef int ssize_t;
 # define unlikely
 #endif
-#if _GNUTLS_GCC_VERSION >= 30300
-# define attr_nonnull_all __attribute__ ((nonnull))
-# define attr_nonnull(a) __attribute__ ((nonnull a))
-#else
-# define attr_nonnull_all
-# define attr_nonnull(a)
-#endif
-
-#if _GNUTLS_GCC_VERSION >= 30400 && (_GNUTLS_CLANG_VERSION == 0 || _GNUTLS_CLANG_VERSION >= 40000)
-# define attr_warn_unused_result __attribute__((warn_unused_result))
-#else
-# define attr_warn_unused_result
-#endif
-
-#if _GNUTLS_GCC_VERSION >= 70100
-# define FALLTHROUGH __attribute__ ((fallthrough))
-#else
-# define FALLTHROUGH
-#endif
-
 #include <gnutls/gnutls.h>
 #include <gnutls/dtls.h>
 #include <gnutls/abstract.h>
@@ -143,7 +143,7 @@ void _gnutls_nss_keylog_write(gnutls_session_t session,
 checked_env = 1;
 keylogfile = secure_getenv("SSLKEYLOGFILE");
 if (keylogfile != NULL)
- keylog = fopen(keylogfile, "a");
+ keylog = fopen(keylogfile, "ae");
 }
 if (keylog) {
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index d03bf6e444..fad16aaf4f 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
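Review bot: `fd` is kept as the name of the `FILE *` in `_gnutls_fips_mode_enabled` (fips.c, -93 hunk) while every other hunk in this commit renames the identical pattern to `fp`; the inconsistency is small but it is exactly the descriptor-versus-stream confusion the rename elsewhere is meant to remove. The change would be `fp = fopen(FIPS_KERNEL_FILE, "re");`, `f1p = fgetc(fp);`, `fclose(fp);` plus the declaration, which sits outside the hunk.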
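Review bot: The block removed from gnutls_int.h in the -76 hunk also defined `FALLTHROUGH`, which nothing in this hunk replaces; the -55 hunk's `#include "attribute.h"` is presumably expected to supply it together with `NODISCARD` and `ATTRIBUTE_NONNULL`. The old definition was guarded on `_GNUTLS_GCC_VERSION >= 70100`, so any remaining `FALLTHROUGH` user in lib now depends on the replacement header's own guard; confirming that attribute.h defines all three under the same compilers the old block covered would close that gap. A short comment next to the include, e.g. `/* provides NODISCARD, ATTRIBUTE_NONNULL, FALLTHROUGH (replaces the old attr_* macros) */`, would record why the block went away.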
@@ -889,7 +889,7 @@ static void compat_load(const char *configfile)
 if (configfile == NULL)
 configfile = "/etc/gnutls/pkcs11.conf";
- fp = fopen(configfile, "r");
+ fp = fopen(configfile, "re");
 if (fp == NULL) {
 gnutls_assert();
 return;
diff --git a/lib/priority.c b/lib/priority.c
index ad99459adb..0a284ae1f1 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -1304,6 +1304,7 @@ static void _gnutls_update_system_priorities(void)
 {
 int ret;
 struct stat sb;
+ FILE *fp;
 if (stat(system_priority_file, &sb) < 0) {
 _gnutls_debug_log("cfg: unable to access: %s: %d\n",
@@ -1321,7 +1322,14 @@ static void _gnutls_update_system_priorities(void)
 if (system_wide_priority_strings_init != 0)
 _name_val_array_clear(&system_wide_priority_strings);
- ret = ini_parse(system_priority_file, cfg_ini_handler, NULL);
+ fp = fopen(system_priority_file, "re");
+ if (fp == NULL) {
+ _gnutls_debug_log("cfg: unable to open: %s: %d\n",
+ system_priority_file, errno);
+ return;
+ }
+ ret = ini_parse_file(fp, cfg_ini_handler, NULL);
+ fclose(fp);
 if (ret != 0) {
 _gnutls_debug_log("cfg: unable to parse: %s: %d\n",
 system_priority_file, ret);
diff --git a/lib/verify-tofu.c b/lib/verify-tofu.c
index 36328e04af..5cedeed118 100644
--- a/lib/verify-tofu.c
+++ b/lib/verify-tofu.c
@@ -326,7 +326,7 @@ static int verify_pubkey(const char *file,
 const char *host, const char *service,
 const gnutls_datum_t * pubkey)
 {
- FILE *fd;
+ FILE *fp;
 char *line = NULL;
 size_t line_size = 0;
 int ret, l2, mismatch = 0;
@@ -343,14 +343,14 @@ static int verify_pubkey(const char *file,
 if (service != NULL)
 service_len = strlen(service);
- fd = fopen(file, "rb");
- if (fd == NULL) {
+ fp = fopen(file, "rbe");
+ if (fp == NULL) {
 ret = gnutls_assert_val(GNUTLS_E_FILE_ERROR);
 goto cleanup;
 }
 do {
- l2 = getline(&line, &line_size, fd);
+ l2 = getline(&line, &line_size, fp);
 if (l2 > 0) {
 ret = parse_line(line, host, host_len, service,
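Review bot: The new `fopen` in the -1321 hunk of priority.c opens `system_priority_file` by path some lines after the `stat` of the same path in the -1304 hunk, so the file that `stat` examined and the file that is parsed can differ if it is replaced in between; if `sb` is what decides whether a reload is needed (its use is outside the hunk), the cached decision can end up attached to the wrong file. Opening first and then calling `fstat(fileno(fp), &sb)` on the open stream, `if (fstat(fileno(fp), &sb) < 0) { ...; fclose(fp); return; }`, removes that window and keeps the error logging you added. Whether the early-return path that consumes `sb` can be moved after the open depends on the lines between the two hunks.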
@@ -371,8 +371,8 @@ static int verify_pubkey(const char *file,
 cleanup:
 free(line);
- if (fd != NULL)
- fclose(fd);
+ if (fp != NULL)
+ fclose(fp);
 gnutls_free(b64key.data);
 return ret;
@@ -400,7 +400,7 @@ int store_pubkey(const char *db_name, const char *host,
 const char *service, time_t expiration,
 const gnutls_datum_t * pubkey)
 {
- FILE *fd = NULL;
+ FILE *fp = NULL;
 gnutls_datum_t b64key = { NULL, 0 };
 int ret;
@@ -414,8 +414,8 @@ int store_pubkey(const char *db_name, const char *host,
 goto cleanup;
 }
- fd = fopen(db_name, "ab+");
- if (fd == NULL) {
+ fp = fopen(db_name, "abe+");
+ if (fp == NULL) {
 ret = gnutls_assert_val(GNUTLS_E_FILE_ERROR);
 goto cleanup;
 }
@@ -425,14 +425,14 @@ int store_pubkey(const char *db_name, const char *host,
 if (host == NULL)
 host = "*";
- fprintf(fd, "|g0|%s|%s|%lu|%.*s\n", host, service,
+ fprintf(fp, "|g0|%s|%s|%lu|%.*s\n", host, service,
 (unsigned long) expiration, b64key.size, b64key.data);
 ret = 0;
 cleanup:
- if (fd != NULL)
- fclose(fd);
+ if (fp != NULL)
+ fclose(fp);
 gnutls_mutex_unlock(&_gnutls_file_mutex);
 gnutls_free(b64key.data);
@@ -446,11 +446,11 @@ int store_commitment(const char *db_name, const char *host,
 gnutls_digest_algorithm_t hash_algo, const gnutls_datum_t * hash)
 {
- FILE *fd;
+ FILE *fp;
 char buffer[MAX_HASH_SIZE * 2 + 1];
- fd = fopen(db_name, "ab+");
- if (fd == NULL)
+ fp = fopen(db_name, "abe+");
+ if (fp == NULL)
 return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
 if (service == NULL)
@@ -458,12 +458,12 @@ int store_commitment(const char *db_name, const char *host,
 if (host == NULL)
 host = "*";
- fprintf(fd, "|c0|%s|%s|%lu|%u|%s\n", host, service,
+ fprintf(fp, "|c0|%s|%s|%lu|%u|%s\n", host, service,
 (unsigned long) expiration, (unsigned) hash_algo, _gnutls_bin2hex(hash->data, hash->size, buffer, sizeof(buffer), NULL));
- fclose(fd);
+ fclose(fp);
 return 0;
 }
diff --git a/lib/x509/verify-high2.c b/lib/x509/verify-high2.c
index 50020d074c..9820595e97 100644
--- a/lib/x509/verify-high2.c
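Review bot: `"abe+"` in the -414 hunk of store_pubkey places the `e` flag between `b` and `+`; ISO C defines only the sequences `"ab+"`/`"a+b"` and says additional characters may follow them, so an implementation that scans the standard part first and treats the remainder as extensions can read `"abe+"` as append-only without update, while glibc happens to accept any order. `"ab+e"` is accepted everywhere `"abe+"` is and keeps the standard prefix intact; the same string appears in store_commitment (-446). Suggested: `fp = fopen(db_name, "ab+e");` at both sites.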
+++ b/lib/x509/verify-high2.c
@@ -356,7 +356,7 @@ gnutls_x509_trust_list_add_trust_file(gnutls_x509_trust_list_t list,
 } else
 #endif
 {
- cas.data = (void *) read_binary_file(ca_file, &size);
+ cas.data = (void *) read_file(ca_file, RF_BINARY, &size);
 if (cas.data == NULL) {
 gnutls_assert();
 return GNUTLS_E_FILE_ERROR;
@@ -366,7 +366,7 @@ gnutls_x509_trust_list_add_trust_file(gnutls_x509_trust_list_t list,
 }
 if (crl_file) {
- crls.data = (void *) read_binary_file(crl_file, &size);
+ crls.data = (void *) read_file(crl_file, RF_BINARY, &size);
 if (crls.data == NULL) {
 gnutls_assert();
 return GNUTLS_E_FILE_ERROR;
@@ -551,7 +551,7 @@ gnutls_x509_trust_list_remove_trust_file(gnutls_x509_trust_list_t list,
 } else
 #endif
 {
- cas.data = (void *) read_binary_file(ca_file, &size);
+ cas.data = (void *) read_file(ca_file, RF_BINARY, &size);
 if (cas.data == NULL) {
 gnutls_assert();
 return GNUTLS_E_FILE_ERROR; |