ret =
_gnutls_set_psk_session_key(session, psk_key,
&tmp_dh_key);
- _gnutls_zfree_datum(&tmp_dh_key);
+ _gnutls_free_temp_key_datum(&tmp_dh_key);
}
ret =
_gnutls_set_psk_session_key(session, pskkey,
&tmp_dh_key);
- _gnutls_zfree_datum(&tmp_dh_key);
+ _gnutls_free_temp_key_datum(&tmp_dh_key);
}
zrelease_temp_mpi_key(&session->key.KEY);
cleanup:
if (free) {
_gnutls_free_datum(&username);
- _gnutls_zfree_datum(&key);
+ _gnutls_free_temp_key_datum(&key);
}
return ret;
cleanup:
if (free) {
_gnutls_free_datum(&username);
- _gnutls_zfree_datum(&key);
+ _gnutls_free_temp_key_datum(&key);
}
return ret;
ret = _gnutls_proc_dh_common_client_kx(session, data, data_size,
g, p, &psk_key);
- _gnutls_zfree_datum(&psk_key);
+ _gnutls_free_temp_key_datum(&psk_key);
return ret;
_gnutls_session_ecc_curve_get
(session), &psk_key);
- _gnutls_zfree_datum(&psk_key);
+ _gnutls_free_temp_key_datum(&psk_key);
return ret;
}
ret =
_gnutls_set_psk_session_key(session, psk_key,
&tmp_dh_key);
- _gnutls_zfree_datum(&tmp_dh_key);
+ _gnutls_free_temp_key_datum(&tmp_dh_key);
}
if (ret < 0) {
ret = 0;
error:
- _gnutls_zfree_datum(&pwd_psk);
+ _gnutls_free_temp_key_datum(&pwd_psk);
return ret;
}
cleanup:
if (free) {
gnutls_free(username.data);
- _gnutls_zfree_datum(&key);
+ _gnutls_free_temp_key_datum(&key);
}
return ret;
ret = 0;
error:
- _gnutls_zfree_datum(&psk_key);
+ _gnutls_free_temp_key_datum(&psk_key);
return ret;
}
cleanup:
_gnutls_free_datum(&sdata);
- _gnutls_zfree_datum(&premaster_secret);
+ _gnutls_free_temp_key_datum(&premaster_secret);
if (free) {
- _gnutls_zfree_datum(&key);
+ _gnutls_free_temp_key_datum(&key);
gnutls_free(username.data);
}
ret = 0;
cleanup:
- _gnutls_zfree_datum(&pwd_psk);
- _gnutls_zfree_datum(&premaster_secret);
+ _gnutls_free_temp_key_datum(&pwd_psk);
+ _gnutls_free_temp_key_datum(&premaster_secret);
return ret;
}
entry->username = gnutls_strdup(str);
if (entry->username == NULL) {
_gnutls_free_datum(&entry->salt);
- _gnutls_zfree_datum(&entry->v);
+ _gnutls_free_temp_key_datum(&entry->v);
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
*/
void _gnutls_srp_entry_free(SRP_PWD_ENTRY * entry)
{
- _gnutls_zfree_datum(&entry->v);
+ _gnutls_free_temp_key_datum(&entry->v);
_gnutls_free_datum(&entry->salt);
if ((entry->g.data != gnutls_srp_1024_group_generator.data)
}
inline static
-void _gnutls_zfree_datum(gnutls_datum_t * dat)
+void _gnutls_free_temp_key_datum(gnutls_datum_t * dat)
+{
+ if (dat->data != NULL) {
+ zeroize_temp_key(dat->data, dat->size);
+ gnutls_free(dat->data);
+ }
+
+ dat->data = NULL;
+ dat->size = 0;
+}
+
+inline static
+void _gnutls_free_key_datum(gnutls_datum_t * dat)
{
if (dat->data != NULL) {
zeroize_key(dat->data, dat->size);
}
if (!keep_premaster)
- _gnutls_zfree_datum(premaster);
+ _gnutls_free_temp_key_datum(premaster);
if (ret < 0)
return ret;
zrelease_temp_mpi_key(&session->key.rsa[1]);
zrelease_temp_mpi_key(&session->key.dh_secret);
- _gnutls_zfree_datum(&session->key.key);
+ _gnutls_free_temp_key_datum(&session->key.key);
gnutls_free(session);
}
result =
asn1_write_value(*pkey_info, "privateKeyAlgorithm.parameters",
algo_params.data, algo_params.size);
- _gnutls_zfree_datum(&algo_params);
+ _gnutls_free_key_datum(&algo_params);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result =
asn1_write_value(*pkey_info, "privateKey", algo_privkey.data,
algo_privkey.size);
- _gnutls_zfree_datum(&algo_privkey);
+ _gnutls_free_key_datum(&algo_privkey);
if (result != ASN1_SUCCESS) {
gnutls_assert();
error:
asn1_delete_structure(pkey_info);
_gnutls_free_datum(&algo_params);
- _gnutls_zfree_datum(&algo_privkey);
+ _gnutls_free_key_datum(&algo_privkey);
return result;
}
}
_gnutls_free_datum(&tmp);
- _gnutls_zfree_datum(&key);
+ _gnutls_free_key_datum(&key);
*out = pkcs8_asn;
return 0;
error:
- _gnutls_zfree_datum(&key);
+ _gnutls_free_key_datum(&key);
_gnutls_free_datum(&tmp);
asn1_delete_structure(&pkcs8_asn);
return result;
if (((flags & GNUTLS_PKCS_PLAIN) || password == NULL)
&& !(flags & GNUTLS_PKCS_NULL_PASSWORD)) {
- _gnutls_zfree_datum(&tmp);
+ _gnutls_free_key_datum(&tmp);
ret =
_gnutls_x509_export_int2(pkey_info, format,
ret =
encode_to_pkcs8_key(schema, &tmp, password,
&pkcs8_asn);
- _gnutls_zfree_datum(&tmp);
+ _gnutls_free_key_datum(&tmp);
if (ret < 0) {
gnutls_assert();
}
result = decode_private_key_info(&tmp, pkey);
- _gnutls_zfree_datum(&tmp);
+ _gnutls_free_key_datum(&tmp);
if (result < 0) {
/* We've gotten this far. In the real world it's almost certain
}
pkey->key = _gnutls_privkey_decode_pkcs1_rsa_key(&tmp, pkey);
- _gnutls_zfree_datum(&tmp);
+ _gnutls_free_key_datum(&tmp);
if (pkey->key == NULL) {
gnutls_assert();
}
pkey->key = _gnutls_privkey_decode_ecc_key(&tmp, pkey);
- _gnutls_zfree_datum(&tmp);
+ _gnutls_free_key_datum(&tmp);
if (pkey->key == NULL) {
ret = GNUTLS_E_PARSING_ERROR;
ret =
_gnutls_x509_read_der_int(tmp.data, tmp.size,
&pkey->params.params[4]);
- _gnutls_zfree_datum(&tmp);
+ _gnutls_free_key_datum(&tmp);
if (ret < 0) {
gnutls_assert();
}
_gnutls_free_datum(&tmp);
- _gnutls_zfree_datum(&key);
+ _gnutls_free_key_datum(&key);
/* Now write the rest of the pkcs-7 stuff.
*/
error:
- _gnutls_zfree_datum(&key);
+ _gnutls_free_key_datum(&key);
_gnutls_free_datum(&tmp);
asn1_delete_structure(&pkcs7_asn);
return result;