tls: do not leak RSA key

function                                             old     new   delta
tls_handshake                                       1957    2059    +102

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Denys Vlasenko 2018-11-25 16:17:26 +01:00
parent eb53d01be5
commit a6192f347f
2 changed files with 13 additions and 0 deletions


@ -2168,6 +2168,7 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni)
/* application data can be sent/received */ /* application data can be sent/received */
/* free handshake data */ /* free handshake data */
psRsaKey_clear(&tls->hsd->server_rsa_pub_key);
// if (PARANOIA) // if (PARANOIA)
// memset(tls->hsd, 0, tls->hsd->hsd_size); // memset(tls->hsd, 0, tls->hsd->hsd_size);
free(tls->hsd); free(tls->hsd);
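Review bot: The new psRsaKey_clear() call only runs on the success path that reaches the "free handshake data" block; if tls_handshake frees or abandons tls->hsd anywhere earlier (an error return rather than a die), the server key's bignum storage would still leak there — the function body starts and continues outside this hunk, so this is worth confirming rather than assumed. A one-line comment above the call would make the ordering constraint explicit, since it must precede the free() of the struct that contains the key: `/* release the bignums owned by hsd->server_rsa_pub_key before hsd itself goes away */`. The commented-out PARANOIA memset below it still reads tls->hsd->hsd_size; if it is ever re-enabled it should keep the clear call before it, as pstm_clear on an already-zeroed key would otherwise operate on wiped pointers.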


@ -13,6 +13,18 @@ typedef struct {
//bbox psPool_t *pool; //bbox psPool_t *pool;
} psRsaKey_t; } psRsaKey_t;
static ALWAYS_INLINE void psRsaKey_clear(psRsaKey_t *key)
{
pstm_clear(&key->N);
pstm_clear(&key->e);
pstm_clear(&key->d);
pstm_clear(&key->p);
pstm_clear(&key->q);
pstm_clear(&key->dP);
pstm_clear(&key->dQ);
pstm_clear(&key->qP);
}
#define psRsaEncryptPub(pool, key, in, inlen, out, outlen, data) \ #define psRsaEncryptPub(pool, key, in, inlen, out, outlen, data) \
psRsaEncryptPub( key, in, inlen, out, outlen) psRsaEncryptPub( key, in, inlen, out, outlen)
int32 psRsaEncryptPub(psPool_t *pool, psRsaKey_t *key, int32 psRsaEncryptPub(psPool_t *pool, psRsaKey_t *key,
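Review bot: psRsaKey_clear() releases all eight components, but at the call site added in this commit the key is a server public key, so d, p, q, dP, dQ and qP were presumably never initialised by the certificate parser; the helper therefore relies on the enclosing hsd allocation being zero-filled so that pstm_clear() sees empty bignums — that precondition is not visible here and deserves to be stated. A short header comment would carry the contract: `/* Frees the bignum storage of every key component; the key must be zero-initialised or fully parsed, and the psRsaKey_t itself is not freed. */`. Whether pstm_clear() scrubs the digit buffers before freeing them is also not shown in this hunk; for the public-key use this does not matter, but if the helper is later applied to a private key the caller should check that behaviour rather than assume it.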