tls: do not leak RSA key

author Denys Vlasenko <vda.linux@googlemail.com>

Sun, 25 Nov 2018 15:17:26 +0000 (16:17 +0100)

committer Denys Vlasenko <vda.linux@googlemail.com>

Sun, 25 Nov 2018 15:17:26 +0000 (16:17 +0100)
author Denys Vlasenko <vda.linux@googlemail.com>
Sun, 25 Nov 2018 15:17:26 +0000 (16:17 +0100)
committer Denys Vlasenko <vda.linux@googlemail.com>
Sun, 25 Nov 2018 15:17:26 +0000 (16:17 +0100)
diff --git a/networking/tls.c b/networking/tls.c

index 9b4298de7a5e6d761c0dbf4104eb3073106445ab..9833a0adbee8152423526f1c722b7d1698ffbcd1 100644 (file)
--- a/networking/tls.c
+++ b/networking/tls.c
@@ -2168,6 +2168,7 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni)
         /* application data can be sent/received */
  
         /* free handshake data */
+       psRsaKey_clear(&tls->hsd->server_rsa_pub_key);
  //     if (PARANOIA)
  //             memset(tls->hsd, 0, tls->hsd->hsd_size);
         free(tls->hsd);
diff --git a/networking/tls_rsa.h b/networking/tls_rsa.h

index f42923ff5b9120c645469f7a853e878c1debcf71..82bea2a6745a7aa093b81800e86f6540d67c6978 100644 (file)
--- a/networking/tls_rsa.h
+++ b/networking/tls_rsa.h
@@ -13,6 +13,18 @@ typedef struct {
  //bbox psPool_t *pool;
  } psRsaKey_t;
  
+static ALWAYS_INLINE void psRsaKey_clear(psRsaKey_t *key)
+{
+       pstm_clear(&key->N);
+       pstm_clear(&key->e);
+       pstm_clear(&key->d);
+       pstm_clear(&key->p);
+       pstm_clear(&key->q);
+       pstm_clear(&key->dP);
+       pstm_clear(&key->dQ);
+       pstm_clear(&key->qP);
+}
+
  #define psRsaEncryptPub(pool, key, in, inlen, out, outlen, data) \
          psRsaEncryptPub(      key, in, inlen, out, outlen)
  int32 psRsaEncryptPub(psPool_t *pool, psRsaKey_t *key,
author	Denys Vlasenko <vda.linux@googlemail.com>
	Sun, 25 Nov 2018 15:17:26 +0000 (16:17 +0100)
committer	Denys Vlasenko <vda.linux@googlemail.com>
	Sun, 25 Nov 2018 15:17:26 +0000 (16:17 +0100)
networking/tls.c		patch \| blob \| history
networking/tls_rsa.h		patch \| blob \| history