Wipe (some) secrets from memory after use

[tinc] / src / keys.c
diff --git a/src/keys.c b/src/keys.c

index 5f93a5a..ac99ac4 100644 (file)
--- a/src/keys.c
+++ b/src/keys.c
@@ -79,7 +79,7 @@ bool disable_old_keys(const char *filename, const char *what) {
                         return false;
                 }
  
-#ifdef HAVE_MINGW
+#ifdef HAVE_WINDOWS
                 // We cannot atomically replace files on Windows.
                 char bakfile[PATH_MAX] = "";
                 snprintf(bakfile, sizeof(bakfile), "%s.bak", filename);
@@ -95,7 +95,7 @@ bool disable_old_keys(const char *filename, const char *what) {
                         return false;
                 }
  
-#ifdef HAVE_MINGW
+#ifdef HAVE_WINDOWS
                 unlink(bakfile);
  #endif
                 fprintf(stderr, "Warning: old key(s) found and disabled.\n");
@@ -128,7 +128,7 @@ ecdsa_t *read_ecdsa_private_key(splay_tree_t *config_tree, char **keyfile) {
                 return NULL;
         }
  
-#ifndef HAVE_MINGW
+#ifndef HAVE_WINDOWS
         struct stat s;
  
         if(fstat(fileno(fp), &s)) {
@@ -227,13 +227,13 @@ rsa_t *read_rsa_private_key(splay_tree_t *config_tree, char **keyfile) {
         if(get_config_string(rsa_priv_conf, &d)) {
                 if(!get_config_string(lookup_config(config_tree, "PublicKey"), &n)) {
                         logger(DEBUG_ALWAYS, LOG_ERR, "PrivateKey used but no PublicKey found!");
-                       free(d);
+                       free_string(d);
                         return NULL;
                 }
  
                 key = rsa_set_hex_private_key(n, "FFFF", d);
                 free(n);
-               free(d);
+               free_string(d);
  
                 if(key && keyfile && rsa_priv_conf->file) {
                         *keyfile = xstrdup(rsa_priv_conf->file);
@@ -262,7 +262,7 @@ rsa_t *read_rsa_private_key(splay_tree_t *config_tree, char **keyfile) {
                 return NULL;
         }
  
-#ifndef HAVE_MINGW
+#ifndef HAVE_WINDOWS
         struct stat s;
  
         if(fstat(fileno(fp), &s)) {
@@ -295,7 +295,7 @@ rsa_t *read_rsa_private_key(splay_tree_t *config_tree, char **keyfile) {
         return key;
  }
  
-bool read_rsa_public_key(rsa_t **rsa, splay_tree_t *config_tree, const char *name) {
+rsa_t *read_rsa_public_key(splay_tree_t *config_tree, const char *name) {
         FILE *fp;
         char *fname;
         char *n;
@@ -303,9 +303,9 @@ bool read_rsa_public_key(rsa_t **rsa, splay_tree_t *config_tree, const char *nam
         /* First, check for simple PublicKey statement */
  
         if(get_config_string(lookup_config(config_tree, "PublicKey"), &n)) {
-               *rsa = rsa_set_hex_public_key(n, "FFFF");
+               rsa_t *rsa = rsa_set_hex_public_key(n, "FFFF");
                 free(n);
-               return *rsa != NULL;
+               return rsa;
         }
  
         /* Else, check for PublicKeyFile statement and read it */
@@ -322,15 +322,15 @@ bool read_rsa_public_key(rsa_t **rsa, splay_tree_t *config_tree, const char *nam
                 return false;
         }
  
-       *rsa = rsa_read_pem_public_key(fp);
+       rsa_t *rsa = rsa_read_pem_public_key(fp);
         fclose(fp);
  
-       if(!*rsa) {
+       if(!rsa) {
                 logger(DEBUG_ALWAYS, LOG_ERR, "Reading RSA public key file `%s' failed: %s", fname, strerror(errno));
         }
  
         free(fname);
  
-       return *rsa != NULL;
+       return rsa;
  }
  #endif