File gnutls-zeroization-API-functions.patch of Package gnutls.28150

From 1f41e967817a86df007bec9ab7c9131811b5530d Mon Sep 17 00:00:00 2001
From: Zoltan Fridrich <zfridric@redhat.com>
Date: Mon, 11 Apr 2022 16:04:38 +0200
Subject: [PATCH] Add zeroization of some critical security parameters to
 comply with FIPS-140-3 requirements

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
---
 lib/accelerated/aarch64/hmac-sha-aarch64.c |  5 ++++-
 lib/accelerated/x86/hmac-padlock.c         |  8 +++++++-
 lib/accelerated/x86/hmac-x86-ssse3.c       |  5 ++++-
 lib/nettle/mac.c                           |  4 ++++
 lib/x509/pkcs7-crypt.c                     | 21 +++++++++++++++++----
 lib/x509/privkey.c                         |  6 ++++--
 lib/x509/privkey_pkcs8.c                   |  4 +++-
 7 files changed, 43 insertions(+), 10 deletions(-)

diff --git a/lib/accelerated/aarch64/hmac-sha-aarch64.c b/lib/accelerated/aarch64/hmac-sha-aarch64.c
index 47d6c516ce..4748a546c5 100644
--- a/lib/accelerated/aarch64/hmac-sha-aarch64.c
+++ b/lib/accelerated/aarch64/hmac-sha-aarch64.c
@@ -276,7 +276,10 @@ wrap_aarch64_hmac_output(void *src_ctx, void *digest, size_t digestsize)
 
 static void wrap_aarch64_hmac_deinit(void *hd)
 {
-	gnutls_free(hd);
+	struct aarch64_hmac_ctx *ctx = hd;
+
+	zeroize_temp_key(ctx, sizeof(*ctx));
+	gnutls_free(ctx);
 }
 
 static int wrap_aarch64_hmac_fast(gnutls_mac_algorithm_t algo,
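Review bot: In wrap_aarch64_hmac_deinit the new `zeroize_temp_key(ctx, sizeof(*ctx))` writes through the handle unconditionally, whereas the old bare `gnutls_free(hd)` tolerated a NULL handle. If any caller can reach deinit with NULL (for example after a failed init), this becomes a NULL write; a guard such as `if (ctx == NULL) return;` before the wipe restores the previous tolerance. The same pattern appears in wrap_padlock_hmac_deinit and wrap_x86_hmac_deinit. A one-line comment such as `/* context holds the HMAC key and keyed state: wipe before release */` would also record why the wipe must stay.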
diff --git a/lib/accelerated/x86/hmac-padlock.c b/lib/accelerated/x86/hmac-padlock.c
index 9bbd55561a..9cb373fe4a 100644
--- a/lib/accelerated/x86/hmac-padlock.c
+++ b/lib/accelerated/x86/hmac-padlock.c
@@ -280,7 +280,10 @@ wrap_padlock_hmac_output(void *src_ctx, void *digest, size_t digestsize)
 
 static void wrap_padlock_hmac_deinit(void *hd)
 {
-	gnutls_free(hd);
+	struct padlock_hmac_ctx *ctx = hd;
+
+	zeroize_temp_key(ctx, sizeof(*ctx));
+	gnutls_free(ctx);
 }
 
 static int
@@ -316,6 +319,7 @@ wrap_padlock_hmac_fast(gnutls_mac_algorithm_t algo,
 				       pad, text_size + SHA1_DATA_SIZE,
 				       &pad2[SHA1_DATA_SIZE]);
 
+		zeroize_temp_key(pad, text_size + SHA1_DATA_SIZE);
 		gnutls_free(pad);
 
 		memset(pad2, OPAD, SHA1_DATA_SIZE);
@@ -325,6 +329,8 @@ wrap_padlock_hmac_fast(gnutls_mac_algorithm_t algo,
 				       pad2, digest_size + SHA1_DATA_SIZE,
 				       digest);
 
+		zeroize_temp_key(pad2, sizeof(pad2));
+		zeroize_temp_key(hkey, sizeof(hkey));
 	} else {
 		struct padlock_hmac_ctx ctx;
 		int ret;
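Review bot: `zeroize_temp_key(pad2, sizeof(pad2))` and `zeroize_temp_key(hkey, sizeof(hkey))` clear the whole buffer only if both names are arrays declared in wrap_padlock_hmac_fast; the declarations are outside this hunk, and if either is a pointer only pointer-size bytes are wiped. The two wipes also sit at the very end of the branch, so any return between filling `hkey` and this point would leave key material on the stack, which is worth confirming against the full function. The `else` branch opens here with a stack `struct padlock_hmac_ctx ctx` whose cleanup is not visible; it should get the same treatment if it does not already.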
diff --git a/lib/accelerated/x86/hmac-x86-ssse3.c b/lib/accelerated/x86/hmac-x86-ssse3.c
index f4ead02c47..8a60100905 100644
--- a/lib/accelerated/x86/hmac-x86-ssse3.c
+++ b/lib/accelerated/x86/hmac-x86-ssse3.c
@@ -275,7 +275,10 @@ wrap_x86_hmac_output(void *src_ctx, void *digest, size_t digestsize)
 
 static void wrap_x86_hmac_deinit(void *hd)
 {
-	gnutls_free(hd);
+	struct x86_hmac_ctx *ctx = hd;
+
+	zeroize_temp_key(ctx, sizeof(*ctx));
+	gnutls_free(ctx);
 }
 
 static int wrap_x86_hmac_fast(gnutls_mac_algorithm_t algo,
diff --git a/lib/nettle/mac.c b/lib/nettle/mac.c
index 35e070fab0..4ea47e40e8 100644
--- a/lib/nettle/mac.c
+++ b/lib/nettle/mac.c
@@ -792,6 +792,7 @@ static int wrap_nettle_hash_fast(gnutls_digest_algorithm_t algo,
 		ctx.update(&ctx, text_size, text);
 	}
 	ctx.digest(&ctx, ctx.length, digest);
+	zeroize_temp_key(&ctx, sizeof(ctx));
 
 	return 0;
 }
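Review bot: The added `zeroize_temp_key(&ctx, sizeof(ctx))` runs only on the fall-through path of wrap_nettle_hash_fast, and the same holds for the wipes added to wrap_nettle_hkdf_extract, wrap_nettle_hkdf_expand and wrap_nettle_pbkdf2. The start of each function is outside the hunk, so it is worth confirming that no return can occur after `ctx.set_key` or the first `ctx.update` has loaded secret data into the stack context. In the hash case the context carries no key, so a short comment such as `/* hashed input may be secret; clear the stack state */` would explain why a key-wiping macro is used here.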
@@ -872,6 +873,7 @@ wrap_nettle_hkdf_extract (gnutls_mac_algorithm_t mac,
 	hkdf_extract(&ctx.ctx, ctx.update, ctx.digest, ctx.length,
 		     keysize, key, output);
 
+	zeroize_temp_key(&ctx, sizeof(ctx));
 	return 0;
 }
 
@@ -891,6 +893,7 @@ wrap_nettle_hkdf_expand (gnutls_mac_algorithm_t mac,
 	ctx.set_key(&ctx, keysize, key);
 	hkdf_expand(&ctx.ctx, ctx.update, ctx.digest, ctx.length,
 		    infosize, info, length, output);
+	zeroize_temp_key(&ctx, sizeof(ctx));
 
 	return 0;
 }
@@ -912,6 +915,7 @@ wrap_nettle_pbkdf2 (gnutls_mac_algorithm_t mac,
 	ctx.set_key(&ctx, keysize, key);
 	pbkdf2(&ctx.ctx, ctx.update, ctx.digest, ctx.length,
 	       iter_count, saltsize, salt, length, output);
+	zeroize_temp_key(&ctx, sizeof(ctx));
 
 	return 0;
 }
diff --git a/lib/x509/pkcs7-crypt.c b/lib/x509/pkcs7-crypt.c
index 2dc5bc4df0..59eddcd2a4 100644
--- a/lib/x509/pkcs7-crypt.c
+++ b/lib/x509/pkcs7-crypt.c
@@ -1238,6 +1238,7 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, asn1_node pkcs8_asn,
 
 	ret = gnutls_cipher_init(&ch, ce->id, &dkey, &d_iv);
 
+	zeroize_temp_key(key, key_size);
 	gnutls_free(key);
 
 	if (ret < 0) {
@@ -1282,14 +1283,26 @@ _gnutls_pkcs_raw_decrypt_data(schema_id schema, asn1_node pkcs8_asn,
 	ret = 0;
 
  cleanup:
-	gnutls_free(password);
+	if (password) {
+		zeroize_temp_key(password, pass_len);
+		gnutls_free(password);
+	}
 
 	return ret;
 
  error:
-	gnutls_free(password);
-	gnutls_free(enc.data);
-	gnutls_free(key);
+	if (password) {
+		zeroize_temp_key(password, pass_len);
+		gnutls_free(password);
+	}
+	if (enc.data) {
+		zeroize_temp_key(enc.data, enc.size);
+		gnutls_free(enc.data);
+	}
+	if (key) {
+		zeroize_temp_key(key, key_size);
+		gnutls_free(key);
+	}
 	if (ch) {
 		gnutls_cipher_deinit(ch);
 	}
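Review bot: The new wipe under `error:` writes through `key` before freeing it, so it depends on `key` being NULL once the earlier `gnutls_free(key)` after `gnutls_cipher_init` has run. That holds only if `gnutls_free` resets its argument or the pointer is cleared in lines outside this hunk; otherwise this is now a write to freed memory rather than only a repeated free. Each wipe length (`pass_len`, `enc.size`, `key_size`) must also still equal the allocated size at every `goto`; if `enc.size` is ever reduced after padding removal, the tail of the buffer is left uncleared. The password wipe-and-free block is duplicated verbatim under `cleanup:` and `error:`, and a small static helper would keep the two from drifting apart.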
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index d1ba65c90f..792a4134d7 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -64,7 +64,7 @@ void _gnutls_x509_privkey_reinit(gnutls_x509_privkey_t key)
 	gnutls_pk_params_clear(&key->params);
 	gnutls_pk_params_release(&key->params);
 	/* avoid re-use of fields which may have had some sensible value */
-	memset(&key->params, 0, sizeof(key->params));
+	zeroize_key(&key->params, sizeof(key->params));
 
 	if (key->key)
 		asn1_delete_structure2(&key->key, ASN1_DELETE_FLAG_ZEROIZE);
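Review bot: The comment above the changed line in _gnutls_x509_privkey_reinit still gives only the old reason ("avoid re-use of fields"), and "sensible" there reads like a slip for "sensitive". Since the point of switching from `memset` to `zeroize_key` is presumably that the clear must not be optimised away, the comment should say so, e.g. `/* params may have held private key material: use a clear the compiler cannot elide */`. Without that, a later cleanup could turn it back into a plain `memset`.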
@@ -614,8 +614,10 @@ gnutls_x509_privkey_import(gnutls_x509_privkey_t key,
 	}
 
  cleanup:
-	if (need_free)
+	if (need_free) {
+		zeroize_temp_key(_data.data, _data.size);
 		_gnutls_free_datum(&_data);
+	}
 
 	/* The key has now been decoded.
 	 */
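Review bot: The wipe in the `cleanup:` block of gnutls_x509_privkey_import dereferences `_data.data` without a NULL check, while `_gnutls_free_datum` on its own handled an empty datum. Whether `need_free` can be set while `_data.data` is still NULL depends on code outside the hunk. The GnuTLS versions I know carry a zeroizing datum free in lib/datum.h (`_gnutls_free_temp_key_datum`); if this branch has it, `if (need_free) _gnutls_free_temp_key_datum(&_data);` does the wipe and the NULL check in one call. The identical change in gnutls_x509_privkey_import_pkcs8 (lib/x509/privkey_pkcs8.c) has the same issue.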
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index 4aa8993307..78c152a605 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -1666,8 +1666,10 @@ gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey_t key,
  cleanup:
 	asn1_delete_structure2(&key->key, ASN1_DELETE_FLAG_ZEROIZE);
 	key->params.algo = GNUTLS_PK_UNKNOWN;
-	if (need_free)
+	if (need_free) {
+		zeroize_temp_key(_data.data, _data.size);
 		_gnutls_free_datum(&_data);
+	}
 	return result;
 }
 
-- 
GitLab
