authorNikos Mavrogiannopoulos <nmav@redhat.com>2013-11-13 12:22:33 +0100
committerNikos Mavrogiannopoulos <nmav@redhat.com>2013-11-27 11:41:43 +0100
commit5110187019538d8b131d816a37632616be4e2880 (patch)
tree5cc900fef46fdf3ef5d96b0b100c218414f6dc39 /lib
parent08cddacdc42434665c8f085b77391bf73acdc45c (diff)
downloadgnutls-5110187019538d8b131d816a37632616be4e2880.tar.gz
better naming for free_datum functions.
Diffstat (limited to 'lib')
-rw-r--r--lib/auth/dh_common.c4
-rw-r--r--lib/auth/dhe_psk.c8
-rw-r--r--lib/auth/ecdhe.c2
-rw-r--r--lib/auth/psk.c6
-rw-r--r--lib/auth/rsa_psk.c8
-rw-r--r--lib/auth/srp_passwd.c4
-rw-r--r--lib/gnutls_datum.h14
-rw-r--r--lib/gnutls_kx.c2
-rw-r--r--lib/gnutls_state.c2
-rw-r--r--lib/x509/privkey_pkcs8.c26
10 files changed, 44 insertions, 32 deletions
diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c
index 745787c25a..5cc0d4cec0 100644
--- a/lib/auth/dh_common.c
+++ b/lib/auth/dh_common.c
@@ -100,7 +100,7 @@ _gnutls_proc_dh_common_client_kx(gnutls_session_t session,
ret =
_gnutls_set_psk_session_key(session, psk_key,
&tmp_dh_key);
- _gnutls_zfree_datum(&tmp_dh_key);
+ _gnutls_free_temp_key_datum(&tmp_dh_key);
}
@@ -175,7 +175,7 @@ _gnutls_gen_dh_common_client_kx_int(gnutls_session_t session,
ret =
_gnutls_set_psk_session_key(session, pskkey,
&tmp_dh_key);
- _gnutls_zfree_datum(&tmp_dh_key);
+ _gnutls_free_temp_key_datum(&tmp_dh_key);
}
zrelease_temp_mpi_key(&session->key.KEY);
diff --git a/lib/auth/dhe_psk.c b/lib/auth/dhe_psk.c
index 7c8b14c5fa..286f944244 100644
--- a/lib/auth/dhe_psk.c
+++ b/lib/auth/dhe_psk.c
@@ -131,7 +131,7 @@ gen_ecdhe_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data)
cleanup:
if (free) {
_gnutls_free_datum(&username);
- _gnutls_zfree_datum(&key);
+ _gnutls_free_temp_key_datum(&key);
}
return ret;
@@ -175,7 +175,7 @@ gen_dhe_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data)
cleanup:
if (free) {
_gnutls_free_datum(&username);
- _gnutls_zfree_datum(&key);
+ _gnutls_free_temp_key_datum(&key);
}
return ret;
@@ -328,7 +328,7 @@ proc_dhe_psk_client_kx(gnutls_session_t session, uint8_t * data,
ret = _gnutls_proc_dh_common_client_kx(session, data, data_size,
g, p, &psk_key);
- _gnutls_zfree_datum(&psk_key);
+ _gnutls_free_temp_key_datum(&psk_key);
return ret;
@@ -393,7 +393,7 @@ proc_ecdhe_psk_client_kx(gnutls_session_t session, uint8_t * data,
_gnutls_session_ecc_curve_get
(session), &psk_key);
- _gnutls_zfree_datum(&psk_key);
+ _gnutls_free_temp_key_datum(&psk_key);
return ret;
}
diff --git a/lib/auth/ecdhe.c b/lib/auth/ecdhe.c
index cccedc0d43..94988fe814 100644
--- a/lib/auth/ecdhe.c
+++ b/lib/auth/ecdhe.c
@@ -115,7 +115,7 @@ static int calc_ecdh_key(gnutls_session_t session,
ret =
_gnutls_set_psk_session_key(session, psk_key,
&tmp_dh_key);
- _gnutls_zfree_datum(&tmp_dh_key);
+ _gnutls_free_temp_key_datum(&tmp_dh_key);
}
if (ret < 0) {
diff --git a/lib/auth/psk.c b/lib/auth/psk.c
index 710410b27c..de654f69e5 100644
--- a/lib/auth/psk.c
+++ b/lib/auth/psk.c
@@ -104,7 +104,7 @@ _gnutls_set_psk_session_key(gnutls_session_t session,
ret = 0;
error:
- _gnutls_zfree_datum(&pwd_psk);
+ _gnutls_free_temp_key_datum(&pwd_psk);
return ret;
}
@@ -190,7 +190,7 @@ _gnutls_gen_psk_client_kx(gnutls_session_t session,
cleanup:
if (free) {
gnutls_free(username.data);
- _gnutls_zfree_datum(&key);
+ _gnutls_free_temp_key_datum(&key);
}
return ret;
@@ -258,7 +258,7 @@ _gnutls_proc_psk_client_kx(gnutls_session_t session, uint8_t * data,
ret = 0;
error:
- _gnutls_zfree_datum(&psk_key);
+ _gnutls_free_temp_key_datum(&psk_key);
return ret;
}
diff --git a/lib/auth/rsa_psk.c b/lib/auth/rsa_psk.c
index c9bf5f4c3f..ff1468f16d 100644
--- a/lib/auth/rsa_psk.c
+++ b/lib/auth/rsa_psk.c
@@ -240,9 +240,9 @@ _gnutls_gen_rsa_psk_client_kx(gnutls_session_t session,
cleanup:
_gnutls_free_datum(&sdata);
- _gnutls_zfree_datum(&premaster_secret);
+ _gnutls_free_temp_key_datum(&premaster_secret);
if (free) {
- _gnutls_zfree_datum(&key);
+ _gnutls_free_temp_key_datum(&key);
gnutls_free(username.data);
}
@@ -399,8 +399,8 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data,
ret = 0;
cleanup:
- _gnutls_zfree_datum(&pwd_psk);
- _gnutls_zfree_datum(&premaster_secret);
+ _gnutls_free_temp_key_datum(&pwd_psk);
+ _gnutls_free_temp_key_datum(&premaster_secret);
return ret;
}
diff --git a/lib/auth/srp_passwd.c b/lib/auth/srp_passwd.c
index 04aa349390..c5f61c7e7d 100644
--- a/lib/auth/srp_passwd.c
+++ b/lib/auth/srp_passwd.c
@@ -115,7 +115,7 @@ static int parse_tpasswd_values(SRP_PWD_ENTRY * entry, char *str)
entry->username = gnutls_strdup(str);
if (entry->username == NULL) {
_gnutls_free_datum(&entry->salt);
- _gnutls_zfree_datum(&entry->v);
+ _gnutls_free_temp_key_datum(&entry->v);
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
@@ -426,7 +426,7 @@ static int _randomize_pwd_entry(SRP_PWD_ENTRY * entry)
*/
void _gnutls_srp_entry_free(SRP_PWD_ENTRY * entry)
{
- _gnutls_zfree_datum(&entry->v);
+ _gnutls_free_temp_key_datum(&entry->v);
_gnutls_free_datum(&entry->salt);
if ((entry->g.data != gnutls_srp_1024_group_generator.data)
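Review bot: `entry->v` in `_gnutls_srp_entry_free` is now released through the temp-key helper, but the other hunk in this file shows it being handled in `parse_tpasswd_values`, which suggests it is a verifier read from the password file rather than a per-handshake secret. If the temp class is meant only for ephemeral session material, this call and the one in `parse_tpasswd_values` would be better as `_gnutls_free_key_datum(&entry->v);`. If the temp class is intended here, a short comment saying why the verifier counts as temporary would help. The function body continues past the end of the hunk.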
diff --git a/lib/gnutls_datum.h b/lib/gnutls_datum.h
index 78e86f02a2..80ba84af7a 100644
--- a/lib/gnutls_datum.h
+++ b/lib/gnutls_datum.h
@@ -43,7 +43,19 @@ void _gnutls_free_datum(gnutls_datum_t * dat)
}
inline static
-void _gnutls_zfree_datum(gnutls_datum_t * dat)
+void _gnutls_free_temp_key_datum(gnutls_datum_t * dat)
+{
+ if (dat->data != NULL) {
+ zeroize_temp_key(dat->data, dat->size);
+ gnutls_free(dat->data);
+ }
+
+ dat->data = NULL;
+ dat->size = 0;
+}
+
+inline static
+void _gnutls_free_key_datum(gnutls_datum_t * dat)
{
if (dat->data != NULL) {
zeroize_key(dat->data, dat->size);
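Review bot: The new `_gnutls_free_temp_key_datum` wipes with `zeroize_temp_key`, whereas the old `_gnutls_zfree_datum` body (now `_gnutls_free_key_datum`) used `zeroize_key`, so every caller moved to the temp variant (the lib/auth files, `generate_normal_master`, `gnutls_deinit`) changes its wiping primitive, not only its name. Neither macro is defined in this diff, so it should be confirmed that `zeroize_temp_key` still clears the buffer in every build configuration; otherwise PSK keys and premaster secrets would be freed uncleared. Neither helper has a comment telling callers which class a secret belongs to. I would add `/* frees a datum holding a per-session (temporary) secret; wiped with zeroize_temp_key() */` above the first and `/* frees a datum holding long-term key material; wiped with zeroize_key() */` above the second. The body of `_gnutls_free_key_datum` continues past the end of the hunk.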
diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c
index 4d68f06581..23542144ef 100644
--- a/lib/gnutls_kx.c
+++ b/lib/gnutls_kx.c
@@ -150,7 +150,7 @@ generate_normal_master(gnutls_session_t session,
}
if (!keep_premaster)
- _gnutls_zfree_datum(premaster);
+ _gnutls_free_temp_key_datum(premaster);
if (ret < 0)
return ret;
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index d1a5646885..3afec2f8e3 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -487,7 +487,7 @@ void gnutls_deinit(gnutls_session_t session)
zrelease_temp_mpi_key(&session->key.rsa[1]);
zrelease_temp_mpi_key(&session->key.dh_secret);
- _gnutls_zfree_datum(&session->key.key);
+ _gnutls_free_temp_key_datum(&session->key.key);
gnutls_free(session);
}
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index 140da472aa..da0b94e25d 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -264,7 +264,7 @@ encode_to_private_key_info(gnutls_x509_privkey_t pkey,
result =
asn1_write_value(*pkey_info, "privateKeyAlgorithm.parameters",
algo_params.data, algo_params.size);
- _gnutls_zfree_datum(&algo_params);
+ _gnutls_free_key_datum(&algo_params);
if (result != ASN1_SUCCESS) {
gnutls_assert();
@@ -284,7 +284,7 @@ encode_to_private_key_info(gnutls_x509_privkey_t pkey,
result =
asn1_write_value(*pkey_info, "privateKey", algo_privkey.data,
algo_privkey.size);
- _gnutls_zfree_datum(&algo_privkey);
+ _gnutls_free_key_datum(&algo_privkey);
if (result != ASN1_SUCCESS) {
gnutls_assert();
@@ -332,7 +332,7 @@ encode_to_private_key_info(gnutls_x509_privkey_t pkey,
error:
asn1_delete_structure(pkey_info);
_gnutls_free_datum(&algo_params);
- _gnutls_zfree_datum(&algo_privkey);
+ _gnutls_free_key_datum(&algo_privkey);
return result;
}
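Review bot: The `error:` path of `encode_to_private_key_info` still frees `algo_params` with plain `_gnutls_free_datum`, while the first hunk in this file frees the same variable with `_gnutls_free_key_datum` on the success path. Whether the buffer is wiped therefore depends on which path is taken. If `algo_params` can hold anything sensitive, the error path should read `_gnutls_free_key_datum(&algo_params);`. If it holds only public parameters, the success path can use `_gnutls_free_datum` so the helper name keeps its meaning. The function body begins outside the hunk, so how `algo_params` is filled is not visible here.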
@@ -528,14 +528,14 @@ encode_to_pkcs8_key(schema_id schema, const gnutls_datum_t * der_key,
}
_gnutls_free_datum(&tmp);
- _gnutls_zfree_datum(&key);
+ _gnutls_free_key_datum(&key);
*out = pkcs8_asn;
return 0;
error:
- _gnutls_zfree_datum(&key);
+ _gnutls_free_key_datum(&key);
_gnutls_free_datum(&tmp);
asn1_delete_structure(&pkcs8_asn);
return result;
@@ -689,7 +689,7 @@ gnutls_x509_privkey_export2_pkcs8(gnutls_x509_privkey_t key,
if (((flags & GNUTLS_PKCS_PLAIN) || password == NULL)
&& !(flags & GNUTLS_PKCS_NULL_PASSWORD)) {
- _gnutls_zfree_datum(&tmp);
+ _gnutls_free_key_datum(&tmp);
ret =
_gnutls_x509_export_int2(pkey_info, format,
@@ -702,7 +702,7 @@ gnutls_x509_privkey_export2_pkcs8(gnutls_x509_privkey_t key,
ret =
encode_to_pkcs8_key(schema, &tmp, password,
&pkcs8_asn);
- _gnutls_zfree_datum(&tmp);
+ _gnutls_free_key_datum(&tmp);
if (ret < 0) {
gnutls_assert();
@@ -928,7 +928,7 @@ static int decrypt_pkcs8_key(const gnutls_datum_t * raw_key,
}
result = decode_private_key_info(&tmp, pkey);
- _gnutls_zfree_datum(&tmp);
+ _gnutls_free_key_datum(&tmp);
if (result < 0) {
/* We've gotten this far. In the real world it's almost certain
@@ -1017,7 +1017,7 @@ _decode_pkcs8_rsa_key(ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey)
}
pkey->key = _gnutls_privkey_decode_pkcs1_rsa_key(&tmp, pkey);
- _gnutls_zfree_datum(&tmp);
+ _gnutls_free_key_datum(&tmp);
if (pkey->key == NULL) {
gnutls_assert();
@@ -1045,7 +1045,7 @@ _decode_pkcs8_ecc_key(ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey)
}
pkey->key = _gnutls_privkey_decode_ecc_key(&tmp, pkey);
- _gnutls_zfree_datum(&tmp);
+ _gnutls_free_key_datum(&tmp);
if (pkey->key == NULL) {
ret = GNUTLS_E_PARSING_ERROR;
@@ -1076,7 +1076,7 @@ _decode_pkcs8_dsa_key(ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey)
ret =
_gnutls_x509_read_der_int(tmp.data, tmp.size,
&pkey->params.params[4]);
- _gnutls_zfree_datum(&tmp);
+ _gnutls_free_key_datum(&tmp);
if (ret < 0) {
gnutls_assert();
@@ -2394,7 +2394,7 @@ _gnutls_pkcs7_encrypt_data(schema_id schema,
}
_gnutls_free_datum(&tmp);
- _gnutls_zfree_datum(&key);
+ _gnutls_free_key_datum(&key);
/* Now write the rest of the pkcs-7 stuff.
*/
@@ -2434,7 +2434,7 @@ _gnutls_pkcs7_encrypt_data(schema_id schema,
error:
- _gnutls_zfree_datum(&key);
+ _gnutls_free_key_datum(&key);
_gnutls_free_datum(&tmp);
asn1_delete_structure(&pkcs7_asn);
return result;