summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorjsing <>2017-05-06 20:57:45 +0000
committerjsing <>2017-05-06 20:57:45 +0000
commit7046952f9f5fae47726c165667e46169d74cdfae (patch)
treeebe437a0263ffd3bc7f16f0f1244fea73c05603c /src
parent7f30b538d9c825a59a9a9028931e2f2094cf5a2a (diff)
downloadopenbsd-7046952f9f5fae47726c165667e46169d74cdfae.tar.gz
openbsd-7046952f9f5fae47726c165667e46169d74cdfae.tar.bz2
openbsd-7046952f9f5fae47726c165667e46169d74cdfae.zip
Provide a tls_unload_file() function, that frees the memory returned from
a tls_load_file() call, ensuring that it the contents become inaccessible. This is specifically needed on platforms where the library allocators may be different from the application allocator. ok beck@
Diffstat (limited to '')
-rw-r--r--src/lib/libtls/Symbols.list1
-rw-r--r--src/lib/libtls/tls.h3
-rw-r--r--src/lib/libtls/tls_util.c8
3 files changed, 10 insertions, 2 deletions
diff --git a/src/lib/libtls/Symbols.list b/src/lib/libtls/Symbols.list
index 248784a488..3124c64211 100644
--- a/src/lib/libtls/Symbols.list
+++ b/src/lib/libtls/Symbols.list
@@ -79,4 +79,5 @@ tls_peer_ocsp_url
79tls_read 79tls_read
80tls_reset 80tls_reset
81tls_server 81tls_server
82tls_unload_file
82tls_write 83tls_write
diff --git a/src/lib/libtls/tls.h b/src/lib/libtls/tls.h
index c9da8aa06e..4fad4518f2 100644
--- a/src/lib/libtls/tls.h
+++ b/src/lib/libtls/tls.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls.h,v 1.48 2017/04/05 03:19:22 beck Exp $ */ 1/* $OpenBSD: tls.h,v 1.49 2017/05/06 20:57:45 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -187,6 +187,7 @@ const char *tls_conn_servername(struct tls *_ctx);
187const char *tls_conn_version(struct tls *_ctx); 187const char *tls_conn_version(struct tls *_ctx);
188 188
189uint8_t *tls_load_file(const char *_file, size_t *_len, char *_password); 189uint8_t *tls_load_file(const char *_file, size_t *_len, char *_password);
190void tls_unload_file(uint8_t *_buf, size_t len);
190 191
191int tls_ocsp_process_response(struct tls *_ctx, const unsigned char *_response, 192int tls_ocsp_process_response(struct tls *_ctx, const unsigned char *_response,
192 size_t _size); 193 size_t _size);
diff --git a/src/lib/libtls/tls_util.c b/src/lib/libtls/tls_util.c
index dbb2d170d5..c643b4a9f6 100644
--- a/src/lib/libtls/tls_util.c
+++ b/src/lib/libtls/tls_util.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls_util.c,v 1.5 2016/11/04 15:59:16 jsing Exp $ */ 1/* $OpenBSD: tls_util.c,v 1.6 2017/05/06 20:57:45 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org> 4 * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
@@ -178,3 +178,9 @@ tls_load_file(const char *name, size_t *len, char *password)
178 178
179 return (NULL); 179 return (NULL);
180} 180}
181
182void
183tls_unload_file(uint8_t *buf, size_t len)
184{
185 freezero(buf, len);
186}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 10:20:18 +0000