KittyPatch/kitty
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

mlock() the returned private key to prevent it from being saved to swap

Browse Source
This commit is contained in:
Kovid Goyal 2022-08-04 11:08:54 +05:30
parent adf47bed89
commit 183a31c884
No known key found for this signature in database
GPG Key ID: 06BC317B515ACE7C
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
kitty/crypto.c
View File

@ -12,6 +12,7 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/pem.h> #include <openssl/pem.h>
#include <openssl/bio.h> #include <openssl/bio.h>
#include <sys/mman.h>
typedef struct { typedef struct {
PyObject_HEAD PyObject_HEAD
@ -72,10 +73,10 @@ static PyObject*
elliptic_curve_key_get_public(EllipticCurveKey *self, void UNUSED *closure) { elliptic_curve_key_get_public(EllipticCurveKey *self, void UNUSED *closure) {
/* PEM_write_PUBKEY(stdout, pkey); */ /* PEM_write_PUBKEY(stdout, pkey); */
size_t len = 0; size_t len = 0;
if (1 != EVP_PKEY_get_raw_public_key(self->key, NULL, &len)) return set_error_from_openssl("Could not get public key from EVP_KEY"); if (1 != EVP_PKEY_get_raw_public_key(self->key, NULL, &len)) return set_error_from_openssl("Could not get public key from EVP_PKEY");
PyObject *ans = PyBytes_FromStringAndSize(NULL, len); PyObject *ans = PyBytes_FromStringAndSize(NULL, len);
if (!ans) return NULL; if (!ans) return NULL;
if (1 != EVP_PKEY_get_raw_public_key(self->key, (unsigned char*)PyBytes_AS_STRING(ans), &len)) return set_error_from_openssl("Could not get public key from EVP_KEY"); if (1 != EVP_PKEY_get_raw_public_key(self->key, (unsigned char*)PyBytes_AS_STRING(ans), &len)) { Py_CLEAR(ans); return set_error_from_openssl("Could not get public key from EVP_PKEY"); }
return ans; return ans;
} }
@ -84,10 +85,11 @@ elliptic_curve_key_get_public(EllipticCurveKey *self, void UNUSED *closure) {
static PyObject* static PyObject*
elliptic_curve_key_get_private(EllipticCurveKey *self, void UNUSED *closure) { elliptic_curve_key_get_private(EllipticCurveKey *self, void UNUSED *closure) {
size_t len = 0; size_t len = 0;
if (1 != EVP_PKEY_get_raw_private_key(self->key, NULL, &len)) return set_error_from_openssl("Could not get public key from EVP_KEY"); if (1 != EVP_PKEY_get_raw_private_key(self->key, NULL, &len)) return set_error_from_openssl("Could not get public key from EVP_PKEY");
PyObject *ans = PyBytes_FromStringAndSize(NULL, len); PyObject *ans = PyBytes_FromStringAndSize(NULL, len);
if (!ans) return NULL; if (!ans) return NULL;
if (1 != EVP_PKEY_get_raw_private_key(self->key, (unsigned char*)PyBytes_AS_STRING(ans), &len)) return set_error_from_openssl("Could not get public key from EVP_KEY"); mlock(PyBytes_AS_STRING(ans), len);
if (1 != EVP_PKEY_get_raw_private_key(self->key, (unsigned char*)PyBytes_AS_STRING(ans), &len)) { Py_CLEAR(ans); return set_error_from_openssl("Could not get public key from EVP_PKEY"); }
return ans; return ans;
} }