{
struct aes_ctx *ctx = _ctx;
- zeroize_temp_key(ctx, sizeof(*ctx));
+ zeroize_key(ctx, sizeof(*ctx));
gnutls_free(ctx);
}
{
struct ccm_aarch64_aes_ctx *ctx = _ctx;
- zeroize_temp_key(ctx, sizeof(*ctx));
+ zeroize_key(ctx, sizeof(*ctx));
gnutls_free(ctx);
}
{
struct aes_gcm_ctx *ctx = _ctx;
- zeroize_temp_key(ctx, sizeof(*ctx));
+ zeroize_key(ctx, sizeof(*ctx));
gnutls_free(ctx);
}
{
struct aarch64_hmac_ctx *ctx = hd;
- zeroize_temp_key(ctx, sizeof(*ctx));
+ zeroize_key(ctx, sizeof(*ctx));
gnutls_free(ctx);
}
ctx.update(&ctx, text_size, text);
ctx.digest(&ctx, ctx.length, digest);
- zeroize_temp_key(&ctx, sizeof(ctx));
+ zeroize_key(&ctx, sizeof(ctx));
return 0;
}
{
struct aes_ctx *ctx = _ctx;
- zeroize_temp_key(ctx, sizeof(*ctx));
+ zeroize_key(ctx, sizeof(*ctx));
gnutls_free(ctx);
}
{
struct aes_ctx *ctx = _ctx;
- zeroize_temp_key(ctx, sizeof(*ctx));
+ zeroize_key(ctx, sizeof(*ctx));
gnutls_free(ctx);
}
{
struct ccm_x86_aes_ctx *ctx = _ctx;
- zeroize_temp_key(ctx, sizeof(*ctx));
+ zeroize_key(ctx, sizeof(*ctx));
gnutls_free(ctx);
}
{
struct gcm_padlock_aes_ctx *ctx = _ctx;
- zeroize_temp_key(ctx, sizeof(*ctx));
+ zeroize_key(ctx, sizeof(*ctx));
gnutls_free(ctx);
}
{
struct gcm_x86_aes_ctx *ctx = _ctx;
- zeroize_temp_key(ctx, sizeof(*ctx));
+ zeroize_key(ctx, sizeof(*ctx));
gnutls_free(ctx);
}
{
struct aes_gcm_ctx *ctx = _ctx;
- zeroize_temp_key(ctx, sizeof(*ctx));
+ zeroize_key(ctx, sizeof(*ctx));
gnutls_free(ctx);
}
{
struct aes_gcm_ctx *ctx = _ctx;
- zeroize_temp_key(ctx, sizeof(*ctx));
+ zeroize_key(ctx, sizeof(*ctx));
gnutls_free(ctx);
}
{
struct gcm_x86_aes_ctx *ctx = _ctx;
- zeroize_temp_key(ctx, sizeof(*ctx));
+ zeroize_key(ctx, sizeof(*ctx));
gnutls_free(ctx);
}
{
struct padlock_ctx *ctx = _ctx;
- zeroize_temp_key(ctx, sizeof(*ctx));
+ zeroize_key(ctx, sizeof(*ctx));
gnutls_free(ctx);
}
{
struct x86_aes_xts_ctx *ctx = _ctx;
- zeroize_temp_key(ctx, sizeof(*ctx));
+ zeroize_key(ctx, sizeof(*ctx));
gnutls_free(ctx);
}
{
struct padlock_hmac_ctx *ctx = hd;
- zeroize_temp_key(ctx, sizeof(*ctx));
+ zeroize_key(ctx, sizeof(*ctx));
gnutls_free(ctx);
}
text_size + SHA1_DATA_SIZE,
&pad2[SHA1_DATA_SIZE]);
- zeroize_temp_key(pad, text_size + SHA1_DATA_SIZE);
+ zeroize_key(pad, text_size + SHA1_DATA_SIZE);
gnutls_free(pad);
memset(pad2, OPAD, SHA1_DATA_SIZE);
wrap_padlock_hash_fast((gnutls_digest_algorithm_t)algo, pad2,
digest_size + SHA1_DATA_SIZE, digest);
- zeroize_temp_key(pad2, sizeof(pad2));
- zeroize_temp_key(hkey, sizeof(hkey));
+ zeroize_key(pad2, sizeof(pad2));
+ zeroize_key(hkey, sizeof(hkey));
} else {
struct padlock_hmac_ctx ctx;
int ret;
wrap_padlock_hmac_output(&ctx, digest, ctx.length);
- zeroize_temp_key(&ctx, sizeof(ctx));
+ zeroize_key(&ctx, sizeof(ctx));
}
return 0;
{
struct x86_hmac_ctx *ctx = hd;
- zeroize_temp_key(ctx, sizeof(*ctx));
+ zeroize_key(ctx, sizeof(*ctx));
gnutls_free(ctx);
}
ctx.update(&ctx, text_size, text);
ctx.digest(&ctx, ctx.length, digest);
- zeroize_temp_key(&ctx, sizeof(ctx));
+ zeroize_key(&ctx, sizeof(ctx));
return 0;
}
} else { /* In DHE_PSK the key is set differently */
ret = _gnutls_set_psk_session_key(session, psk_key,
&tmp_dh_key);
- _gnutls_free_temp_key_datum(&tmp_dh_key);
+ _gnutls_free_key_datum(&tmp_dh_key);
}
if (ret < 0) {
session->key.key.size = tmp_dh_key.size;
} else { /* In DHE_PSK the key is set differently */
ret = _gnutls_set_psk_session_key(session, pskkey, &tmp_dh_key);
- _gnutls_free_temp_key_datum(&tmp_dh_key);
+ _gnutls_free_key_datum(&tmp_dh_key);
}
if (ret < 0) {
cleanup:
if (free) {
_gnutls_free_datum(&username);
- _gnutls_free_temp_key_datum(&key);
+ _gnutls_free_key_datum(&key);
}
return ret;
cleanup:
if (free) {
_gnutls_free_datum(&username);
- _gnutls_free_temp_key_datum(&key);
+ _gnutls_free_key_datum(&key);
}
return ret;
} else {
ret = _gnutls_set_psk_session_key(session, psk_key,
&tmp_dh_key);
- _gnutls_free_temp_key_datum(&tmp_dh_key);
+ _gnutls_free_key_datum(&tmp_dh_key);
if (ret < 0) {
ret = gnutls_assert_val(ret);
ret = 0;
error:
- _gnutls_free_temp_key_datum(&pwd_psk);
+ _gnutls_free_key_datum(&pwd_psk);
return ret;
}
cleanup:
if (free) {
gnutls_free(username.data);
- _gnutls_free_temp_key_datum(&key);
+ _gnutls_free_key_datum(&key);
}
return ret;
cleanup:
_gnutls_free_datum(&sdata);
- _gnutls_free_temp_key_datum(&premaster_secret);
+ _gnutls_free_key_datum(&premaster_secret);
if (free) {
- _gnutls_free_temp_key_datum(&key);
+ _gnutls_free_key_datum(&key);
gnutls_free(username.data);
}
_gnutls_mpi_log("SRP B: ", B);
- zrelease_temp_mpi_key(&_b);
- zrelease_temp_mpi_key(&V);
- zrelease_temp_mpi_key(&session->key.proto.tls12.srp.u);
- zrelease_temp_mpi_key(&B);
+ zrelease_mpi_key(&_b);
+ zrelease_mpi_key(&V);
+ zrelease_mpi_key(&session->key.proto.tls12.srp.u);
+ zrelease_mpi_key(&B);
ret = _gnutls_mpi_dprint(session->key.proto.tls12.srp.srp_key,
&session->key.key);
- zrelease_temp_mpi_key(&S);
+ zrelease_mpi_key(&S);
if (ret < 0) {
gnutls_assert();
_gnutls_mpi_log("SRP S: ", S);
_gnutls_mpi_release(&A);
- zrelease_temp_mpi_key(&_b);
- zrelease_temp_mpi_key(&V);
- zrelease_temp_mpi_key(&session->key.proto.tls12.srp.u);
- zrelease_temp_mpi_key(&B);
+ zrelease_mpi_key(&_b);
+ zrelease_mpi_key(&V);
+ zrelease_mpi_key(&session->key.proto.tls12.srp.u);
+ zrelease_mpi_key(&B);
ret = _gnutls_mpi_dprint(session->key.proto.tls12.srp.srp_key,
&session->key.key);
- zrelease_temp_mpi_key(&S);
+ zrelease_mpi_key(&S);
if (ret < 0) {
gnutls_assert();
static inline void free_record_state(record_state_st *state)
{
- zeroize_temp_key(state->mac_key, state->mac_key_size);
- zeroize_temp_key(state->iv, state->iv_size);
- zeroize_temp_key(state->key, state->key_size);
+ zeroize_key(state->mac_key, state->mac_key_size);
+ zeroize_key(state->iv, state->iv_size);
+ zeroize_key(state->key, state->key_size);
if (state->is_aead)
_gnutls_aead_cipher_deinit(&state->ctx.aead);
}
}
-inline static ATTRIBUTE_NONNULL() void _gnutls_free_temp_key_datum(
- gnutls_datum_t *dat)
-{
- if (dat->data != NULL) {
- zeroize_temp_key(dat->data, dat->size);
- gnutls_free(dat->data);
- }
-
- dat->size = 0;
-}
-
inline static ATTRIBUTE_NONNULL() void _gnutls_free_key_datum(
gnutls_datum_t *dat)
{
}
if (!keep_premaster)
- _gnutls_free_temp_key_datum(premaster);
+ _gnutls_free_key_datum(premaster);
if (ret < 0)
return ret;
#define zeroize_key(x, size) gnutls_memset(x, 0, size)
-#define zeroize_temp_key zeroize_key
-#define zrelease_temp_mpi_key zrelease_mpi_key
-
static inline void _gnutls_memory_mark_undefined(void *addr, size_t size)
{
#ifdef HAVE_SANITIZER_ASAN_INTERFACE_H
{
struct nettle_cipher_ctx *ctx = _ctx;
- zeroize_temp_key(ctx->ctx_ptr, ctx->cipher->ctx_size);
+ zeroize_key(ctx->ctx_ptr, ctx->cipher->ctx_size);
gnutls_free(ctx);
}
cek->data);
if (ret == 0) {
gnutls_assert();
- _gnutls_free_temp_key_datum(cek);
+ _gnutls_free_key_datum(cek);
return GNUTLS_E_DECRYPTION_FAILED;
}
ctx.update(&ctx, text_size, text);
ctx.digest(&ctx, ctx.length, digest);
- zeroize_temp_key(&ctx, sizeof(ctx));
+ zeroize_key(&ctx, sizeof(ctx));
return 0;
}
{
struct nettle_mac_ctx *ctx = hd;
- zeroize_temp_key(ctx, sizeof(*ctx));
+ zeroize_key(ctx, sizeof(*ctx));
gnutls_free(ctx);
}
ctx.update(&ctx, text_size, text);
}
ctx.digest(&ctx, ctx.length, digest);
- zeroize_temp_key(&ctx, sizeof(ctx));
+ zeroize_key(&ctx, sizeof(ctx));
return 0;
}
hkdf_extract(&ctx.ctx, ctx.update, ctx.digest, ctx.length, keysize, key,
output);
- zeroize_temp_key(&ctx, sizeof(ctx));
+ zeroize_key(&ctx, sizeof(ctx));
return 0;
}
ctx.set_key(&ctx, keysize, key);
hkdf_expand(&ctx.ctx, ctx.update, ctx.digest, ctx.length, infosize,
info, length, output);
- zeroize_temp_key(&ctx, sizeof(ctx));
+ zeroize_key(&ctx, sizeof(ctx));
return 0;
}
ctx.set_key(&ctx, keysize, key);
pbkdf2(&ctx.ctx, ctx.update, ctx.digest, ctx.length, iter_count,
saltsize, salt, length, output);
- zeroize_temp_key(&ctx, sizeof(ctx));
+ zeroize_key(&ctx, sizeof(ctx));
return 0;
}
dh_cleanup:
_gnutls_mpi_release(&r);
_gnutls_mpi_release(&primesub1);
- zrelease_temp_mpi_key(&k);
+ zrelease_mpi_key(&k);
if (ret < 0)
goto cleanup;
static int init_gmac_params(struct p11_mac_ctx *ctx)
{
- zeroize_temp_key(&ctx->params, sizeof(ctx->params));
+ zeroize_key(&ctx->params, sizeof(ctx->params));
ctx->params_size = sizeof(CK_GCM_PARAMS);
ctx->params.gcm.ulTagBits = ctx->mac->length * 8;
return 0;
{
gnutls_free(ctx->params.gcm.pIv);
gnutls_free(ctx->params.gcm.pAAD);
- zeroize_temp_key(&ctx->params, sizeof(ctx->params));
+ zeroize_key(&ctx->params, sizeof(ctx->params));
ctx->params_size = 0;
}
_p11_provider_close_session(ctx->session);
if (ctx->mac->free_params != NULL)
ctx->mac->free_params(ctx);
- zeroize_temp_key(ctx, sizeof(*ctx));
+ zeroize_key(ctx, sizeof(*ctx));
gnutls_free(ctx);
}
struct p11_digest_ctx *ctx = _ctx;
_p11_provider_close_session(ctx->session);
- zeroize_temp_key(ctx, sizeof(*ctx));
+ zeroize_key(ctx, sizeof(*ctx));
gnutls_free(ctx);
}
void reset_binders(gnutls_session_t session)
{
- _gnutls_free_temp_key_datum(&session->key.binders[0].psk);
- _gnutls_free_temp_key_datum(&session->key.binders[1].psk);
+ _gnutls_free_key_datum(&session->key.binders[0].psk);
+ _gnutls_free_key_datum(&session->key.binders[1].psk);
memset(session->key.binders, 0, sizeof(session->key.binders));
session->internals.hsk_flags &= ~HSK_PSK_SELECTED;
}
if (!vers->tls13_sem && session->key.binders[0].prf == NULL) {
gnutls_pk_params_release(&session->key.proto.tls12.ecdh.params);
gnutls_pk_params_release(&session->key.proto.tls12.dh.params);
- zrelease_temp_mpi_key(&session->key.proto.tls12.ecdh.x);
- zrelease_temp_mpi_key(&session->key.proto.tls12.ecdh.y);
- _gnutls_free_temp_key_datum(&session->key.proto.tls12.ecdh.raw);
+ zrelease_mpi_key(&session->key.proto.tls12.ecdh.x);
+ zrelease_mpi_key(&session->key.proto.tls12.ecdh.y);
+ _gnutls_free_key_datum(&session->key.proto.tls12.ecdh.raw);
- zrelease_temp_mpi_key(&session->key.proto.tls12.dh.client_Y);
+ zrelease_mpi_key(&session->key.proto.tls12.dh.client_Y);
/* SRP */
- zrelease_temp_mpi_key(&session->key.proto.tls12.srp.srp_p);
- zrelease_temp_mpi_key(&session->key.proto.tls12.srp.srp_g);
- zrelease_temp_mpi_key(&session->key.proto.tls12.srp.srp_key);
-
- zrelease_temp_mpi_key(&session->key.proto.tls12.srp.u);
- zrelease_temp_mpi_key(&session->key.proto.tls12.srp.a);
- zrelease_temp_mpi_key(&session->key.proto.tls12.srp.x);
- zrelease_temp_mpi_key(&session->key.proto.tls12.srp.A);
- zrelease_temp_mpi_key(&session->key.proto.tls12.srp.B);
- zrelease_temp_mpi_key(&session->key.proto.tls12.srp.b);
+ zrelease_mpi_key(&session->key.proto.tls12.srp.srp_p);
+ zrelease_mpi_key(&session->key.proto.tls12.srp.srp_g);
+ zrelease_mpi_key(&session->key.proto.tls12.srp.srp_key);
+
+ zrelease_mpi_key(&session->key.proto.tls12.srp.u);
+ zrelease_mpi_key(&session->key.proto.tls12.srp.a);
+ zrelease_mpi_key(&session->key.proto.tls12.srp.x);
+ zrelease_mpi_key(&session->key.proto.tls12.srp.A);
+ zrelease_mpi_key(&session->key.proto.tls12.srp.B);
+ zrelease_mpi_key(&session->key.proto.tls12.srp.b);
} else {
gnutls_memset(session->key.proto.tls13.temp_secret, 0,
sizeof(session->key.proto.tls13.temp_secret));
}
reset_binders(session);
- _gnutls_free_temp_key_datum(&session->key.key);
+ _gnutls_free_key_datum(&session->key.key);
}
/* An internal version of _gnutls_handshake_internal_state_clear(),
inline static void tls13_ticket_deinit(tls13_ticket_st *ticket)
{
- zeroize_temp_key(&ticket->resumption_master_secret,
- sizeof(ticket->resumption_master_secret));
+ zeroize_key(&ticket->resumption_master_secret,
+ sizeof(ticket->resumption_master_secret));
_gnutls_free_datum(&ticket->ticket);
memset(ticket, 0, sizeof(tls13_ticket_st));
return TSS2_ESYS_RC_GENERAL_FAILURE;
if (output.size > max_out_size) {
- zeroize_temp_key(output.data, output.size);
+ zeroize_key(output.data, output.size);
return TSS2_ESYS_RC_INSUFFICIENT_BUFFER;
}
memcpy(out_buffer, output.data, output.size);
*out_size = output.size;
- zeroize_temp_key(output.data, output.size);
+ zeroize_key(output.data, output.size);
return TSS2_RC_SUCCESS;
}
ret = 0;
cleanup:
- _gnutls_free_temp_key_datum(&tmp_vko_key);
+ _gnutls_free_key_datum(&tmp_vko_key);
return ret;
}
ret = gnutls_cipher_init(&ch, ce->id, &dkey, &d_iv);
- zeroize_temp_key(key, key_size);
+ zeroize_key(key, key_size);
gnutls_free(key);
if (ret < 0) {
cleanup:
if (password) {
- zeroize_temp_key(password, pass_len);
+ zeroize_key(password, pass_len);
gnutls_free(password);
}
error:
if (password) {
- zeroize_temp_key(password, pass_len);
+ zeroize_key(password, pass_len);
gnutls_free(password);
}
if (enc.data) {
- zeroize_temp_key(enc.data, enc.size);
+ zeroize_key(enc.data, enc.size);
gnutls_free(enc.data);
}
if (key) {
- zeroize_temp_key(key, key_size);
+ zeroize_key(key, key_size);
gnutls_free(key);
}
if (ch) {
cleanup:
if (need_free) {
- zeroize_temp_key(_data.data, _data.size);
+ zeroize_key(_data.data, _data.size);
_gnutls_free_datum(&_data);
}
asn1_delete_structure2(&key->key, ASN1_DELETE_FLAG_ZEROIZE);
key->params.algo = GNUTLS_PK_UNKNOWN;
if (need_free) {
- zeroize_temp_key(_data.data, _data.size);
+ zeroize_key(_data.data, _data.size);
_gnutls_free_datum(&_data);
}
return result;
projects / thirdparty / gnutls.git / commitdiff
