author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2013-11-12 14:24:34 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2013-11-27 11:41:43 +0100 |
commit | 54684ed8aefe08e3d8fa49ab21211064c5f7f0f5 (patch) | |
tree | fd4fdd2c9049489a4d1cb7b30a5fb3f800c9f0cb /lib/gnutls_state.c | |
parent | ad35a04fe47a97c41c51d2271b01f24be13217b1 (diff) | |
download | gnutls-54684ed8aefe08e3d8fa49ab21211064c5f7f0f5.tar.gz |
Added zeroization of keys in several parts within gnutls.
Diffstat (limited to 'lib/gnutls_state.c')
-rw-r--r-- | lib/gnutls_state.c | 31 |
1 files changed, 16 insertions, 15 deletions
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 21a8f99cee..d1a5646885 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -467,26 +467,27 @@ void gnutls_deinit(gnutls_session_t session)
 _gnutls_selected_certs_deinit(session);
 gnutls_pk_params_release(&session->key.ecdh_params);
- _gnutls_mpi_release(&session->key.ecdh_x);
- _gnutls_mpi_release(&session->key.ecdh_y);
+ zrelease_temp_mpi_key(&session->key.ecdh_x);
+ zrelease_temp_mpi_key(&session->key.ecdh_y);
- _gnutls_mpi_release(&session->key.KEY);
- _gnutls_mpi_release(&session->key.client_Y);
- _gnutls_mpi_release(&session->key.client_p);
- _gnutls_mpi_release(&session->key.client_g);
+ zrelease_temp_mpi_key(&session->key.KEY);
+ zrelease_temp_mpi_key(&session->key.client_Y);
+ zrelease_temp_mpi_key(&session->key.client_p);
+ zrelease_temp_mpi_key(&session->key.client_g);
- _gnutls_mpi_release(&session->key.u);
- _gnutls_mpi_release(&session->key.a);
- _gnutls_mpi_release(&session->key.x);
- _gnutls_mpi_release(&session->key.A);
- _gnutls_mpi_release(&session->key.B);
- _gnutls_mpi_release(&session->key.b);
+ zrelease_temp_mpi_key(&session->key.u);
+ zrelease_temp_mpi_key(&session->key.a);
+ zrelease_temp_mpi_key(&session->key.x);
+ zrelease_temp_mpi_key(&session->key.A);
+ zrelease_temp_mpi_key(&session->key.B);
+ zrelease_temp_mpi_key(&session->key.b);
 /* RSA */
- _gnutls_mpi_release(&session->key.rsa[0]);
- _gnutls_mpi_release(&session->key.rsa[1]);
+ zrelease_temp_mpi_key(&session->key.rsa[0]);
+ zrelease_temp_mpi_key(&session->key.rsa[1]);
- _gnutls_mpi_release(&session->key.dh_secret);
+ zrelease_temp_mpi_key(&session->key.dh_secret);
+ _gnutls_zfree_datum(&session->key.key);
 gnutls_free(session);
 }
|
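Review bot: `session->key.ecdh_params` is still freed with plain `gnutls_pk_params_release()` on the unchanged context line, while the `ecdh_x`/`ecdh_y` values right below it are now zeroized. If that structure carries the ephemeral ECDH private value (its definition is not visible here), it is the most sensitive item in this group and would be left readable in freed heap memory. Consider wiping it before the release, e.g. `gnutls_pk_params_clear(&session->key.ecdh_params);`, if that helper is available in this tree. It is also worth confirming that `zrelease_temp_mpi_key()` clears the limbs in a way the compiler cannot elide, since its definition is outside this diff. The body of `gnutls_deinit` starts above the hunk.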