-rw-r--r-- | lib/x509/key_decode.c | 1 | ||||
-rw-r--r-- | lib/x509/key_encode.c | 9 | ||||
-rw-r--r-- | lib/x509/privkey.c | 10 | ||||
-rw-r--r-- | lib/x509/privkey_pkcs8.c | 62 |
4 files changed, 32 insertions, 50 deletions
diff --git a/lib/x509/key_decode.c b/lib/x509/key_decode.c index 0a5e753eb8..d14e44e252 100644 --- a/lib/x509/key_decode.c +++ b/lib/x509/key_decode.c @@ -1,5 +1,6 @@ /* * Copyright (C) 2011-2012 Free Software Foundation, Inc. + * Copyright (C) 2013 Red Hat * * Author: Nikos Mavrogiannopoulos * diff --git a/lib/x509/key_encode.c b/lib/x509/key_encode.c index bbc766fd72..388e57776a 100644 --- a/lib/x509/key_encode.c +++ b/lib/x509/key_encode.c @@ -1,5 +1,6 @@ /* * Copyright (C) 2011-2012 Free Software Foundation, Inc. + * Copyright (C) 2013 Red Hat * * Author: Nikos Mavrogiannopoulos * @@ -465,7 +466,7 @@ _gnutls_asn1_encode_rsa(ASN1_TYPE * c2, gnutls_pk_params_st * params) cleanup: if (ret < 0) - asn1_delete_structure(c2); + asn1_delete_structure2(c2, ASN1_DELETE_FLAG_ZEROIZE); gnutls_pk_params_clear(&pk_params); gnutls_pk_params_release(&pk_params); @@ -554,8 +555,8 @@ _gnutls_asn1_encode_ecc(ASN1_TYPE * c2, gnutls_pk_params_st * params) _gnutls_free_datum(&pubkey); return 0; - cleanup: - asn1_delete_structure(c2); +cleanup: + asn1_delete_structure2(c2, ASN1_DELETE_FLAG_ZEROIZE); _gnutls_free_datum(&pubkey); return ret; @@ -635,7 +636,7 @@ _gnutls_asn1_encode_dsa(ASN1_TYPE * c2, gnutls_pk_params_st * params) return 0; cleanup: - asn1_delete_structure(c2); + asn1_delete_structure2(c2, ASN1_DELETE_FLAG_ZEROIZE); return ret; } diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index 72c5d09158..bf4b77637d 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -70,7 +70,7 @@ void gnutls_x509_privkey_deinit(gnutls_x509_privkey_t key) gnutls_pk_params_clear(&key->params); gnutls_pk_params_release(&key->params); - asn1_delete_structure(&key->key); + asn1_delete_structure2(&key->key, ASN1_DELETE_FLAG_ZEROIZE); gnutls_free(key); } 
@@ -222,7 +222,7 @@ _gnutls_privkey_decode_pkcs1_rsa_key(const gnutls_datum_t * raw_key, return pkey_asn; error: - asn1_delete_structure(&pkey_asn); + asn1_delete_structure2(&pkey_asn, ASN1_DELETE_FLAG_ZEROIZE); gnutls_pk_params_clear(&pkey->params); gnutls_pk_params_release(&pkey->params); return NULL; @@ -324,7 +324,7 @@ _gnutls_privkey_decode_ecc_key(const gnutls_datum_t * raw_key, return pkey_asn; error: - asn1_delete_structure(&pkey_asn); + asn1_delete_structure2(&pkey_asn, ASN1_DELETE_FLAG_ZEROIZE); gnutls_pk_params_clear(&pkey->params); gnutls_pk_params_release(&pkey->params); return NULL; @@ -399,7 +399,7 @@ decode_dsa_key(const gnutls_datum_t * raw_key, gnutls_x509_privkey_t pkey) return dsa_asn; error: - asn1_delete_structure(&dsa_asn); + asn1_delete_structure2(&dsa_asn, ASN1_DELETE_FLAG_ZEROIZE); gnutls_pk_params_clear(&pkey->params); gnutls_pk_params_release(&pkey->params); return NULL; @@ -1776,7 +1776,7 @@ int gnutls_x509_privkey_fix(gnutls_x509_privkey_t key) return GNUTLS_E_INVALID_REQUEST; } - asn1_delete_structure(&key->key); + asn1_delete_structure2(&key->key, ASN1_DELETE_FLAG_ZEROIZE); ret = _gnutls_asn1_encode_privkey(key->pk_algorithm, &key->key, diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c index da0b94e25d..8dc04f7b7d 100644 --- a/lib/x509/privkey_pkcs8.c +++ b/lib/x509/privkey_pkcs8.c @@ -127,8 +127,6 @@ static int check_schema(const char *oid) inline static int _encode_privkey(gnutls_x509_privkey_t pkey, gnutls_datum_t * raw) { - size_t size = 0; - uint8_t *data = NULL; int ret; ASN1_TYPE spk = ASN1_TYPE_EMPTY; 
@@ -136,31 +134,13 @@ _encode_privkey(gnutls_x509_privkey_t pkey, gnutls_datum_t * raw) case GNUTLS_PK_RSA: case GNUTLS_PK_EC: ret = - gnutls_x509_privkey_export(pkey, GNUTLS_X509_FMT_DER, - NULL, &size); - if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) { - gnutls_assert(); - goto error; - } - - data = gnutls_malloc(size); - if (data == NULL) { - gnutls_assert(); - ret = GNUTLS_E_MEMORY_ERROR; - goto error; - } - - - ret = - gnutls_x509_privkey_export(pkey, GNUTLS_X509_FMT_DER, - data, &size); + gnutls_x509_privkey_export2(pkey, GNUTLS_X509_FMT_DER, + raw); if (ret < 0) { gnutls_assert(); goto error; } - raw->data = data; - raw->size = size; break; case GNUTLS_PK_DSA: /* DSAPublicKey == INTEGER */ @@ -185,7 +165,7 @@ _encode_privkey(gnutls_x509_privkey_t pkey, gnutls_datum_t * raw) goto error; } - asn1_delete_structure(&spk); + asn1_delete_structure2(&spk, ASN1_DELETE_FLAG_ZEROIZE); break; default: @@ -196,7 +176,7 @@ _encode_privkey(gnutls_x509_privkey_t pkey, gnutls_datum_t * raw) return 0; error: - gnutls_free(data); + asn1_delete_structure2(&spk, ASN1_DELETE_FLAG_ZEROIZE); asn1_delete_structure(&spk); return ret; @@ -330,7 +310,7 @@ encode_to_private_key_info(gnutls_x509_privkey_t pkey, return 0; error: - asn1_delete_structure(pkey_info); + asn1_delete_structure2(pkey_info, ASN1_DELETE_FLAG_ZEROIZE); _gnutls_free_datum(&algo_params); _gnutls_free_key_datum(&algo_privkey); return result; @@ -537,7 +517,7 @@ encode_to_pkcs8_key(schema_id schema, const gnutls_datum_t * der_key, error: _gnutls_free_key_datum(&key); _gnutls_free_datum(&tmp); - asn1_delete_structure(&pkcs8_asn); + asn1_delete_structure2(&pkcs8_asn, ASN1_DELETE_FLAG_ZEROIZE); return result; } 
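Review bot: In the RSA/EC case, `_encode_privkey` now returns in `raw` a buffer allocated by `gnutls_x509_privkey_export2()` that holds the DER-encoded private key, and nothing tells the caller that it has to be wiped when released. A short comment above the function would cover this, for example `/* On success raw holds private key material; release it with _gnutls_free_key_datum(). */`. The `error:` path of `encode_to_private_key_info` further down frees `algo_privkey` that way, which is presumably this datum, but the call site is outside the hunks shown. The body of `_encode_privkey` starts and ends outside this hunk.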
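Review bot: The `error:` label of `_encode_privkey` now deletes `spk` twice, because the added `asn1_delete_structure2(&spk, ASN1_DELETE_FLAG_ZEROIZE);` is followed by the retained `asn1_delete_structure(&spk);`. The retained call looks like a leftover, since every other site in this patch replaces the old call rather than adding a line next to it. If libtasn1 resets the handle after the first delete the second call is a no-op, but that relies on library behaviour this diff does not show. Dropping the old line leaves a single `asn1_delete_structure2(&spk, ASN1_DELETE_FLAG_ZEROIZE);`. The function starts outside this hunk.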
@@ -609,14 +589,14 @@ gnutls_x509_privkey_export_pkcs8(gnutls_x509_privkey_t key, PEM_UNENCRYPTED_PKCS8, output_data, output_data_size); - asn1_delete_structure(&pkey_info); + asn1_delete_structure2(&pkey_info, ASN1_DELETE_FLAG_ZEROIZE); } else { - asn1_delete_structure(&pkey_info); /* we don't need it */ + asn1_delete_structure2(&pkey_info, ASN1_DELETE_FLAG_ZEROIZE); /* we don't need it */ ret = encode_to_pkcs8_key(schema, &tmp, password, &pkcs8_asn); - _gnutls_free_datum(&tmp); + _gnutls_free_key_datum(&tmp); if (ret < 0) { gnutls_assert(); @@ -627,7 +607,7 @@ gnutls_x509_privkey_export_pkcs8(gnutls_x509_privkey_t key, _gnutls_x509_export_int(pkcs8_asn, format, PEM_PKCS8, output_data, output_data_size); - asn1_delete_structure(&pkcs8_asn); + asn1_delete_structure2(&pkcs8_asn, ASN1_DELETE_FLAG_ZEROIZE); } return ret; @@ -695,9 +675,9 @@ gnutls_x509_privkey_export2_pkcs8(gnutls_x509_privkey_t key, _gnutls_x509_export_int2(pkey_info, format, PEM_UNENCRYPTED_PKCS8, out); - asn1_delete_structure(&pkey_info); + asn1_delete_structure2(&pkey_info, ASN1_DELETE_FLAG_ZEROIZE); } else { - asn1_delete_structure(&pkey_info); /* we don't need it */ + asn1_delete_structure2(&pkey_info, ASN1_DELETE_FLAG_ZEROIZE); /* we don't need it */ ret = encode_to_pkcs8_key(schema, &tmp, password, @@ -713,7 +693,7 @@ gnutls_x509_privkey_export2_pkcs8(gnutls_x509_privkey_t key, _gnutls_x509_export_int2(pkcs8_asn, format, PEM_PKCS8, out); - asn1_delete_structure(&pkcs8_asn); + asn1_delete_structure2(&pkcs8_asn, ASN1_DELETE_FLAG_ZEROIZE); } return ret; @@ -776,7 +756,7 @@ read_pkcs_schema_params(schema_id * schema, const char *password, goto error; } - asn1_delete_structure(&pbes2_asn); + asn1_delete_structure2(&pbes2_asn, ASN1_DELETE_FLAG_ZEROIZE); result = cipher_to_schema(enc_params->cipher); if (result < 0) { 
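Review bot: In `gnutls_x509_privkey_export2_pkcs8` no line releasing `tmp` is changed, whereas the sibling `gnutls_x509_privkey_export_pkcs8` switches `_gnutls_free_datum(&tmp);` to `_gnutls_free_key_datum(&tmp);` after `encode_to_pkcs8_key`. The release of `tmp` in the export2 variant falls between the two hunks for that function and is not visible here. If it still reads `_gnutls_free_datum(&tmp);`, the DER key passed as `der_key` would be freed without being wiped on that path, and it should mirror the sibling with `_gnutls_free_key_datum(&tmp);`. The unencrypted branches of both functions deserve the same check, as the hunk boundaries cut them off.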
@@ -997,7 +977,7 @@ decode_pkcs8_key(const gnutls_datum_t * raw_key, result = 0; error: - asn1_delete_structure(&pkcs8_asn); + asn1_delete_structure2(&pkcs8_asn, ASN1_DELETE_FLAG_ZEROIZE); return result; } @@ -1198,8 +1178,8 @@ decode_private_key_info(const gnutls_datum_t * der, result = 0; - error: - asn1_delete_structure(&pkcs8_asn); +error: + asn1_delete_structure2(&pkcs8_asn, ASN1_DELETE_FLAG_ZEROIZE); return result; @@ -2298,7 +2278,7 @@ _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data, goto error; } - asn1_delete_structure(&pkcs7_asn); + asn1_delete_structure2(&pkcs7_asn, ASN1_DELETE_FLAG_ZEROIZE); *dec = tmp; @@ -2306,7 +2286,7 @@ _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data, error: asn1_delete_structure(&pbes2_asn); - asn1_delete_structure(&pkcs7_asn); + asn1_delete_structure(&pkcs7_asn2, ASN1_DELETE_FLAG_ZEROIZE); return result; } @@ -2425,7 +2405,7 @@ _gnutls_pkcs7_encrypt_data(schema_id schema, */ result = _gnutls_x509_der_encode(pkcs7_asn, "", enc, 0); - asn1_delete_structure(&pkcs7_asn); + asn1_delete_structure2(&pkcs7_asn, ASN1_DELETE_FLAG_ZEROIZE); if (result < 0) { gnutls_assert(); @@ -2436,6 +2416,6 @@ _gnutls_pkcs7_encrypt_data(schema_id schema, error: _gnutls_free_key_datum(&key); _gnutls_free_datum(&tmp); - asn1_delete_structure(&pkcs7_asn); + asn1_delete_structure2(&pkcs7_asn, ASN1_DELETE_FLAG_ZEROIZE); return result; } |
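Review bot: The added line in the `error:` path of `_gnutls_pkcs7_decrypt_data` reads `asn1_delete_structure(&pkcs7_asn2, ASN1_DELETE_FLAG_ZEROIZE);`, with the `2` attached to the variable instead of the function name. As written it passes two arguments to the call that takes one everywhere else in this diff, and it names `pkcs7_asn2`, which appears nowhere else in the hunks, so it will most likely not compile. The intended line is `asn1_delete_structure2(&pkcs7_asn, ASN1_DELETE_FLAG_ZEROIZE);`. The neighbouring `asn1_delete_structure(&pbes2_asn);` stays non-wiping here although `read_pkcs_schema_params` now wipes its `pbes2_asn`, so the two sites could be made consistent. The function body starts outside the hunk.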