From a807044bd00658d36a2d507dbe3744280a0a9cf9 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Mon, 25 May 2020 11:21:38 +0200
Subject: cert-cred: clear private key data loaded from file

This makes use of the RF_SENSITIVE flag newly added to read_file
function when reading potentially senstive information from a file.

Signed-off-by: Daiki Ueno <ueno@gnu.org>
---
 lib/cert-cred-rawpk.c | 13 +++++++++----
 lib/cert-cred-x509.c  |  8 ++++++--
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/lib/cert-cred-rawpk.c b/lib/cert-cred-rawpk.c
index 1d086156ab..56bc5f6584 100644
--- a/lib/cert-cred-rawpk.c
+++ b/lib/cert-cred-rawpk.c
@@ -239,8 +239,6 @@ int gnutls_certificate_set_rawpk_key_file(gnutls_certificate_credentials_t cred,
 	gnutls_privkey_t privkey;
 	gnutls_pubkey_t pubkey;
 	gnutls_pcert_st* pcert;
-	gnutls_datum_t rawpubkey = { NULL, 0 }; // to hold rawpk data from file
-	size_t key_size;
 	gnutls_str_array_t str_names;
 	unsigned int i;
 
@@ -291,8 +289,13 @@ int gnutls_certificate_set_rawpk_key_file(gnutls_certificate_credentials_t cred,
 		}
 
 	} else {
+		gnutls_datum_t rawpubkey; // to hold rawpk data from file
+		size_t key_size;
+
 		/* Read our raw public-key into memory from file */
-		rawpubkey.data = (void*) read_file(rawpkfile, RF_BINARY, &key_size);
+		rawpubkey.data = (void*) read_file(rawpkfile,
+						   RF_BINARY | RF_SENSITIVE,
+						   &key_size);
 		if (rawpubkey.data == NULL) {
 			gnutls_privkey_deinit(privkey);
 
@@ -307,7 +310,9 @@ int gnutls_certificate_set_rawpk_key_file(gnutls_certificate_credentials_t cred,
 		ret = gnutls_pcert_import_rawpk_raw(pcert, &rawpubkey,
 						format, key_usage, 0);
 
-		_gnutls_free_datum(&rawpubkey);
+		zeroize_key(rawpubkey.data, rawpubkey.size);
+		free(rawpubkey.data);
+		rawpubkey.size = 0;
 
 		if (ret < 0) {
 			gnutls_privkey_deinit(privkey);
diff --git a/lib/cert-cred-x509.c b/lib/cert-cred-x509.c
index 453b832ac2..04aa3169b6 100644
--- a/lib/cert-cred-x509.c
+++ b/lib/cert-cred-x509.c
@@ -588,7 +588,7 @@ _gnutls_read_key_file(gnutls_certificate_credentials_t res,
 			    (GNUTLS_E_UNIMPLEMENTED_FEATURE);
 	}
 
-	data = read_file(keyfile, RF_BINARY, &size);
+	data = read_file(keyfile, RF_BINARY | RF_SENSITIVE, &size);
 
 	if (data == NULL) {
 		gnutls_assert();
@@ -596,6 +596,7 @@ _gnutls_read_key_file(gnutls_certificate_credentials_t res,
 	}
 
 	ret = _gnutls_read_key_mem(res, data, size, type, pass, flags, rkey);
+	zeroize_key(data, size);
 	free(data);
 
 	return ret;
@@ -1447,7 +1448,8 @@ int
 	size_t size;
 	int ret;
 
-	p12blob.data = (void *) read_file(pkcs12file, RF_BINARY, &size);
+	p12blob.data = (void *) read_file(pkcs12file, RF_BINARY | RF_SENSITIVE,
+					  &size);
 	p12blob.size = (unsigned int) size;
 	if (p12blob.data == NULL) {
 		gnutls_assert();
@@ -1457,7 +1459,9 @@ int
 	ret =
 	    gnutls_certificate_set_x509_simple_pkcs12_mem(res, &p12blob,
 							  type, password);
+	zeroize_key(p12blob.data, p12blob.size);
 	free(p12blob.data);
+	p12blob.size = 0;
 
 	return ret;
 }
-- 
cgit v1.2.1