cert-cred: clear private key data loaded from file
authorDaiki Ueno <ueno@gnu.org>
Mon, 25 May 2020 09:21:38 +0000 (11:21 +0200)
committerDaiki Ueno <ueno@gnu.org>
Sat, 30 May 2020 09:10:12 +0000 (11:10 +0200)
This makes use of the RF_SENSITIVE flag newly added to the read_file
function when reading potentially sensitive information from a file.

Signed-off-by: Daiki Ueno <ueno@gnu.org>
lib/cert-cred-rawpk.c
lib/cert-cred-x509.c

index 1d086156abd1b38ef3dd00772bb6e724669538fd..56bc5f658427706cfb11a621d2736a13b8fbbca2 100644 (file)
@@ -239,8 +239,6 @@ int gnutls_certificate_set_rawpk_key_file(gnutls_certificate_credentials_t cred,
        gnutls_privkey_t privkey;
        gnutls_pubkey_t pubkey;
        gnutls_pcert_st* pcert;
-       gnutls_datum_t rawpubkey = { NULL, 0 }; // to hold rawpk data from file
-       size_t key_size;
        gnutls_str_array_t str_names;
        unsigned int i;
 
@@ -291,8 +289,13 @@ int gnutls_certificate_set_rawpk_key_file(gnutls_certificate_credentials_t cred,
                }
 
        } else {
+               gnutls_datum_t rawpubkey; // to hold rawpk data from file
+               size_t key_size;
+
                /* Read our raw public-key into memory from file */
-               rawpubkey.data = (void*) read_file(rawpkfile, RF_BINARY, &key_size);
+               rawpubkey.data = (void*) read_file(rawpkfile,
+                                                  RF_BINARY | RF_SENSITIVE,
+                                                  &key_size);
                if (rawpubkey.data == NULL) {
                        gnutls_privkey_deinit(privkey);
 
@@ -307,7 +310,9 @@ int gnutls_certificate_set_rawpk_key_file(gnutls_certificate_credentials_t cred,
                ret = gnutls_pcert_import_rawpk_raw(pcert, &rawpubkey,
                                                format, key_usage, 0);
 
-               _gnutls_free_datum(&rawpubkey);
+               zeroize_key(rawpubkey.data, rawpubkey.size);
+               free(rawpubkey.data);
+               rawpubkey.size = 0;
 
                if (ret < 0) {
                        gnutls_privkey_deinit(privkey);
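Review bot: The new block-scoped `gnutls_datum_t rawpubkey;` in the second hunk drops the former `= { NULL, 0 }` initializer, while the third hunk now passes `rawpubkey.size` to `zeroize_key()`; the assignment of `size` from `key_size` presumably happens between the hunks (not visible here), so this is only a latent hazard, but keeping `gnutls_datum_t rawpubkey = { NULL, 0 }; // to hold rawpk data from file` costs nothing and makes the zeroize length safe on every path. The buffer being cleared here is the raw public key read from `rawpkfile`, whereas the commit title speaks of private key data; a one-line comment such as `/* public-key material, but cleared for uniform handling of key files */` would stop a later reader from removing the zeroize as unnecessary. The replacement of `_gnutls_free_datum()` with `zeroize_key()`/`free()`/`size = 0` also appears in lib/cert-cred-x509.c, so the three-line sequence is now repeated in both files and is a candidate for a small shared helper. The enclosing function gnutls_certificate_set_rawpk_key_file starts and ends outside these hunks.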
index 453b832ac248757f542b4f90a63bcf91d395b923..04aa3169b6e20eacf392b45cd062fd5ed3817b88 100644 (file)
@@ -588,7 +588,7 @@ _gnutls_read_key_file(gnutls_certificate_credentials_t res,
                            (GNUTLS_E_UNIMPLEMENTED_FEATURE);
        }
 
-       data = read_file(keyfile, RF_BINARY, &size);
+       data = read_file(keyfile, RF_BINARY | RF_SENSITIVE, &size);
 
        if (data == NULL) {
                gnutls_assert();
@@ -596,6 +596,7 @@ _gnutls_read_key_file(gnutls_certificate_credentials_t res,
        }
 
        ret = _gnutls_read_key_mem(res, data, size, type, pass, flags, rkey);
+       zeroize_key(data, size);
        free(data);
 
        return ret;
@@ -1447,7 +1448,8 @@ int
        size_t size;
        int ret;
 
-       p12blob.data = (void *) read_file(pkcs12file, RF_BINARY, &size);
+       p12blob.data = (void *) read_file(pkcs12file, RF_BINARY | RF_SENSITIVE,
+                                         &size);
        p12blob.size = (unsigned int) size;
        if (p12blob.data == NULL) {
                gnutls_assert();
@@ -1457,7 +1459,9 @@ int
        ret =
            gnutls_certificate_set_x509_simple_pkcs12_mem(res, &p12blob,
                                                          type, password);
+       zeroize_key(p12blob.data, p12blob.size);
        free(p12blob.data);
+       p12blob.size = 0;
 
        return ret;
 }
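Review bot: In the last hunk the zeroize length is taken from `p12blob.size`, which is the `(unsigned int)` narrowing of `size` made a few lines above, so the length passed to `zeroize_key()` is the truncated value rather than the byte count read_file actually returned; using the original variable, `zeroize_key(p12blob.data, size);`, clears exactly the allocated buffer with no cast involved. The same zeroize-then-free sequence now appears three times in this commit (here, in `_gnutls_read_key_file` at the `zeroize_key(data, size);` line, and in lib/cert-cred-rawpk.c), which argues for a single helper so the order and length handling stay consistent. The enclosing function of the last two hunks begins outside the hunk (only its `int` return type is visible in the hunk header).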