Wipe memory after using key material (incomplete, to be continued)

9 files changed, 43 insertions, 24 deletions

diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 4bf30fa32..ace8002a6 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -889,6 +889,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 	struct nlmsghdr *hdr;
 	struct xfrm_usersa_info *sa;
 	u_int16_t icv_size = 64;
+	status_t status = FAILED;
 
 	/* if IPComp is used, we install an additional IPComp SA. if the cpi is 0
 	 * we are in the recursive call below */
@@ -983,7 +984,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 			{
 				DBG1(DBG_KNL, "algorithm %N not supported by kernel!",
 					 encryption_algorithm_names, enc_alg);
-				return FAILED;
+				goto failed;
 			}
 			DBG2(DBG_KNL, "  using encryption algorithm %N with key size %d",
 				 encryption_algorithm_names, enc_alg, enc_key.len * 8);
@@ -993,7 +994,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 			hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
 			if (hdr->nlmsg_len > sizeof(request))
 			{
-				return FAILED;
+				goto failed;
 			}
 
 			algo = (struct xfrm_algo_aead*)RTA_DATA(rthdr);
@@ -1014,7 +1015,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 			{
 				DBG1(DBG_KNL, "algorithm %N not supported by kernel!",
 					 encryption_algorithm_names, enc_alg);
-				return FAILED;
+				goto failed;
 			}
 			DBG2(DBG_KNL, "  using encryption algorithm %N with key size %d",
 				 encryption_algorithm_names, enc_alg, enc_key.len * 8);
@@ -1024,7 +1025,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 			hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
 			if (hdr->nlmsg_len > sizeof(request))
 			{
-				return FAILED;
+				goto failed;
 			}
 
 			algo = (struct xfrm_algo*)RTA_DATA(rthdr);
@@ -1043,7 +1044,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 		{
 			DBG1(DBG_KNL, "algorithm %N not supported by kernel!",
 				 integrity_algorithm_names, int_alg);
-			return FAILED;
+			goto failed;
 		}
 		DBG2(DBG_KNL, "  using integrity algorithm %N with key size %d",
 			 integrity_algorithm_names, int_alg, int_key.len * 8);
@@ -1060,7 +1061,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 			hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
 			if (hdr->nlmsg_len > sizeof(request))
 			{
-				return FAILED;
+				goto failed;
 			}
 
 			algo = (struct xfrm_algo_auth*)RTA_DATA(rthdr);
@@ -1079,7 +1080,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 			hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
 			if (hdr->nlmsg_len > sizeof(request))
 			{
-				return FAILED;
+				goto failed;
 			}
 
 			algo = (struct xfrm_algo*)RTA_DATA(rthdr);
@@ -1098,7 +1099,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 		{
 			DBG1(DBG_KNL, "algorithm %N not supported by kernel!",
 				 ipcomp_transform_names, ipcomp);
-			return FAILED;
+			goto failed;
 		}
 		DBG2(DBG_KNL, "  using compression algorithm %N",
 			 ipcomp_transform_names, ipcomp);
@@ -1107,7 +1108,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 		hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
 		if (hdr->nlmsg_len > sizeof(request))
 		{
-			return FAILED;
+			goto failed;
 		}
 
 		struct xfrm_algo* algo = (struct xfrm_algo*)RTA_DATA(rthdr);
@@ -1127,7 +1128,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 		hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
 		if (hdr->nlmsg_len > sizeof(request))
 		{
-			return FAILED;
+			goto failed;
 		}
 
 		tmpl = (struct xfrm_encap_tmpl*)RTA_DATA(rthdr);
@@ -1157,7 +1158,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 		hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
 		if (hdr->nlmsg_len > sizeof(request))
 		{
-			return FAILED;
+			goto failed;
 		}
 
 		mrk = (struct xfrm_mark*)RTA_DATA(rthdr);
@@ -1176,7 +1177,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 		hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
 		if (hdr->nlmsg_len > sizeof(request))
 		{
-			return FAILED;
+			goto failed;
 		}
 
 		tfcpad = (u_int32_t*)RTA_DATA(rthdr);
@@ -1199,7 +1200,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 			hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
 			if (hdr->nlmsg_len > sizeof(request))
 			{
-				return FAILED;
+				goto failed;
 			}
 
 			replay = (struct xfrm_replay_state_esn*)RTA_DATA(rthdr);
@@ -1230,9 +1231,14 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
 		{
 			DBG1(DBG_KNL, "unable to add SAD entry with SPI %.8x", ntohl(spi));
 		}
-		return FAILED;
+		goto failed;
 	}
-	return SUCCESS;
+
+	status = SUCCESS;
+
+failed:
+	memwipe(request, sizeof(request));
+	return status;
 }
 
 /**
@@ -1333,6 +1339,7 @@ METHOD(kernel_ipsec_t, query_sa, status_t,
 	struct nlmsghdr *out = NULL, *hdr;
 	struct xfrm_usersa_id *sa_id;
 	struct xfrm_usersa_info *sa = NULL;
+	status_t status = FAILED;
 	size_t len;
 
 	memset(&request, 0, sizeof(request));
@@ -1419,11 +1426,13 @@ METHOD(kernel_ipsec_t, query_sa, status_t,
 	if (sa == NULL)
 	{
 		DBG2(DBG_KNL, "unable to query SAD entry with SPI %.8x", ntohl(spi));
-		free(out);
-		return FAILED;
 	}
-	*bytes = sa->curlft.bytes;
-
+	else
+	{
+		*bytes = sa->curlft.bytes;
+		status = SUCCESS;
+	}
+	memwipe(out, len);
 	free(out);
 	return SUCCESS;
 }
@@ -1699,6 +1708,7 @@ METHOD(kernel_ipsec_t, update_sa, status_t,
 failed:
 	free(replay);
 	free(replay_esn);
+	memwipe(out, len);
 	free(out);
 
 	return status;
diff --git a/src/libstrongswan/plugins/aes/aes_crypter.c b/src/libstrongswan/plugins/aes/aes_crypter.c
index f13e33492..2a1fed944 100644
--- a/src/libstrongswan/plugins/aes/aes_crypter.c
+++ b/src/libstrongswan/plugins/aes/aes_crypter.c
@@ -1518,6 +1518,7 @@ METHOD(crypter_t, set_key, void,
 METHOD(crypter_t, destroy, void,
 	private_aes_crypter_t *this)
 {
+	memwipe(this, sizeof(*this));
 	free(this);
 }
 
diff --git a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c
index 784c07eaf..fc3649b36 100644
--- a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c
+++ b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c
@@ -160,6 +160,7 @@ METHOD(crypter_t, set_key, void,
 METHOD(crypter_t, destroy, void,
 	private_blowfish_crypter_t *this)
 {
+	memwipe(this, sizeof(*this));
 	free(this);
 }
 
diff --git a/src/libstrongswan/plugins/des/des_crypter.c b/src/libstrongswan/plugins/des/des_crypter.c
index 7d9fbe852..695e7e4c4 100644
--- a/src/libstrongswan/plugins/des/des_crypter.c
+++ b/src/libstrongswan/plugins/des/des_crypter.c
@@ -1552,6 +1552,7 @@ METHOD(crypter_t, set_key3, void,
 METHOD(crypter_t, destroy, void,
 	private_des_crypter_t *this)
 {
+	memwipe(this, sizeof(*this));
 	free(this);
 }
 
diff --git a/src/libstrongswan/plugins/hmac/hmac.c b/src/libstrongswan/plugins/hmac/hmac.c
index c7b2739df..397a1ea11 100644
--- a/src/libstrongswan/plugins/hmac/hmac.c
+++ b/src/libstrongswan/plugins/hmac/hmac.c
@@ -147,8 +147,8 @@ METHOD(hmac_t, destroy, void,
 	private_hmac_t *this)
 {
 	this->h->destroy(this->h);
-	free(this->opaded_key.ptr);
-	free(this->ipaded_key.ptr);
+	chunk_clear(&this->opaded_key);
+	chunk_clear(&this->ipaded_key);
 	free(this);
 }
 
diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.c b/src/libstrongswan/plugins/openssl/openssl_crypter.c
index 2ed07ff0c..1d322d43d 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crypter.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crypter.c
@@ -152,7 +152,7 @@ METHOD(crypter_t, set_key, void,
 METHOD(crypter_t, destroy, void,
 	private_openssl_crypter_t *this)
 {
-	free(this->key.ptr);
+	clear_chunk(&this->key);
 	free(this);
 }
 
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
index 32fc2bccd..78ed2811a 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
@@ -257,7 +257,7 @@ METHOD(diffie_hellman_t, destroy, void,
 {
 	EC_POINT_clear_free(this->pub_key);
 	EC_KEY_free(this->key);
-	chunk_free(&this->shared_secret);
+	chunk_clear(&this->shared_secret);
 	free(this);
 }
 
diff --git a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c
index 06c20292f..119de86aa 100644
--- a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c
+++ b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c
@@ -105,6 +105,8 @@ static void crypt(private_padlock_aes_crypter_t *this, char *iv,
 	*dst = chunk_alloc(src.len);
 	padlock_crypt(key_aligned, &cword, src.ptr, dst->ptr,
 				  src.len / AES_BLOCK_SIZE, iv_aligned);
+
+	memwipe(key_aligned, sizeof(key_aligned));
 }
 
 METHOD(crypter_t, decrypt, void,
@@ -146,7 +148,7 @@ METHOD(crypter_t, set_key, void,
 METHOD(crypter_t, destroy, void,
 	private_padlock_aes_crypter_t *this)
 {
-	free(this->key.ptr);
+	chunk_clear(&this->key);
 	free(this);
 }
 
diff --git a/src/libstrongswan/plugins/xcbc/xcbc.c b/src/libstrongswan/plugins/xcbc/xcbc.c
index be18d92b8..8ddde962c 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc.c
+++ b/src/libstrongswan/plugins/xcbc/xcbc.c
@@ -236,13 +236,17 @@ METHOD(xcbc_t, set_key, void,
 	memset(k1.ptr, 0x01, this->b);
 	this->k1->encrypt(this->k1, k1, iv, NULL);
 	this->k1->set_key(this->k1, k1);
+
+	memwipe(k1.ptr, k1.len);
 }
 
 METHOD(xcbc_t, destroy, void,
 	private_xcbc_t *this)
 {
 	this->k1->destroy(this->k1);
+	memwipe(this->k2, this->b);
 	free(this->k2);
+	memwipe(this->k3, this->b);
 	free(this->k3);
 	free(this->e);
 	free(this->remaining);