3 files changed, 10 insertions, 2 deletions

diff --git a/src/lib/libtls/Symbols.list b/src/lib/libtls/Symbols.list
index 248784a488..3124c64211 100644
--- a/src/lib/libtls/Symbols.list
+++ b/src/lib/libtls/Symbols.list
@@ -79,4 +79,5 @@ tls_peer_ocsp_url
 tls_read
 tls_reset
 tls_server
+tls_unload_file
 tls_write
diff --git a/src/lib/libtls/tls.h b/src/lib/libtls/tls.h
index c9da8aa06e..4fad4518f2 100644
--- a/src/lib/libtls/tls.h
+++ b/src/lib/libtls/tls.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.h,v 1.48 2017/04/05 03:19:22 beck Exp $ */
+/* $OpenBSD: tls.h,v 1.49 2017/05/06 20:57:45 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -187,6 +187,7 @@ const char *tls_conn_servername(struct tls *_ctx);
 const char *tls_conn_version(struct tls *_ctx);
 
 uint8_t *tls_load_file(const char *_file, size_t *_len, char *_password);
+void tls_unload_file(uint8_t *_buf, size_t len);
 
 int tls_ocsp_process_response(struct tls *_ctx, const unsigned char *_response,
     size_t _size);
diff --git a/src/lib/libtls/tls_util.c b/src/lib/libtls/tls_util.c
index dbb2d170d5..c643b4a9f6 100644
--- a/src/lib/libtls/tls_util.c
+++ b/src/lib/libtls/tls_util.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_util.c,v 1.5 2016/11/04 15:59:16 jsing Exp $ */
+/* $OpenBSD: tls_util.c,v 1.6 2017/05/06 20:57:45 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
@@ -178,3 +178,9 @@ tls_load_file(const char *name, size_t *len, char *password)
 
         return (NULL);
 }
+
+void
+tls_unload_file(uint8_t *buf, size_t len)
+{
+        freezero(buf, len);
+}