Removed the wipe_pw routine as it could result in segfaults when a static key is used.

git-svn-id: file:///home/mbr/svn/fwknop/trunk@147 510a4753-2344-4c79-9c09-4d669213fbeb

lib/Makefile.am

@@ -1,4 +1,4 @@
-lib_LTLIBRARIES = libfko.la
+lib_LTLIBRARIES     = libfko.la
 
 libfko_source_files = \
     base64.c base64.h cipher_funcs.c cipher_funcs.h digest.c digest.h \
@@ -9,10 +9,10 @@ libfko_source_files = \
     rijndael.c rijndael.h sha1.c sha1.h sha2.c sha2.h strlcat.c \
     strlcpy.c fko_state.h fko_context.h gpgme_funcs.c gpgme_funcs.h
 
-libfko_la_SOURCES = $(libfko_source_files)
-libfko_la_LDFLAGS = -version-info 0:1:0 $(GPGME_LIBS)
+libfko_la_SOURCES   = $(libfko_source_files)
 
-AM_CPPFLAGS = $(GPGME_CFLAGS)
+libfko_la_LDFLAGS   = -version-info 0:1:0 $(GPGME_LIBS)
 
-include_HEADERS = fko.h
+AM_CPPFLAGS         = $(GPGME_CFLAGS)
 
+include_HEADERS     = fko.h

lib/fko_encryption.c

@@ -37,15 +37,6 @@
 
 #define B64_RIJNDAEL_SALT "U2FsdGVkX1"
 
-/* Wipe out the password buffer.
-*/
-void
-wipe_pw(char *pw)
-{
-    if(pw != NULL)
-        bzero(pw, strlen(pw));
-}
-
 /* Prep and encrypt using Rijndael
 */
 int
@@ -337,8 +328,7 @@ fko_encrypt_spa_data(fko_ctx_t ctx, char *enc_key)
     */
     if(!CTX_INITIALIZED(ctx))
     {
-        res = FKO_ERROR_CTX_NOT_INITIALIZED;
-        goto EWIPEOUT;
+        return(FKO_ERROR_CTX_NOT_INITIALIZED);
     }
 
     /* If there is no encoded data or the SPA data has been modified,
@@ -348,7 +338,7 @@ fko_encrypt_spa_data(fko_ctx_t ctx, char *enc_key)
         res = fko_encode_spa_data(ctx);
 
     if(res)
-        goto EWIPEOUT;
+        return(res);
 
     /* Croak on invalid encoded message as well. At present this is a
      * check for a somewhat arbitrary minimum length for the encoded
@@ -356,8 +346,7 @@ fko_encrypt_spa_data(fko_ctx_t ctx, char *enc_key)
     */
     if(strlen(ctx->encoded_msg) < MIN_SPA_ENCODED_MSG_SIZE)
     {
-        res = FKO_ERROR_MISSING_ENCODED_DATA;
-        goto EWIPEOUT;
+        return(FKO_ERROR_MISSING_ENCODED_DATA);
     }
 
     /* Encrypt according to type and return...
@@ -373,9 +362,6 @@ fko_encrypt_spa_data(fko_ctx_t ctx, char *enc_key)
     else
         res = FKO_ERROR_INVALID_ENCRYPTION_TYPE;
 
-EWIPEOUT:
-    wipe_pw(enc_key);
-
     return(res);
 }
 
@@ -392,8 +378,7 @@ fko_decrypt_spa_data(fko_ctx_t ctx, char *dec_key)
     if(ctx->encrypted_msg == NULL
       || strlen(ctx->encrypted_msg) <  MIN_SPA_ENCODED_MSG_SIZE)
     {
-        res = FKO_ERROR_INVALID_DATA;
-        goto DWIPEOUT;
+        return(FKO_ERROR_INVALID_DATA);
     }
 
     /* Determine type of encryption used.  For know, we are using the
@@ -419,9 +404,6 @@ fko_decrypt_spa_data(fko_ctx_t ctx, char *dec_key)
         res = _rijndael_decrypt(ctx, dec_key, b64_len);
     }
 
-DWIPEOUT:
-    wipe_pw(dec_key);
-
     return(res);
 }