author | Rich Salz <rsalz@akamai.com> | 2015-04-24 16:39:40 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2015-06-23 17:09:35 -0400 |
commit | 74924dcb3802640d7e2ae2e80ca6515d0a53de7a (patch) | |
tree | 6de4138b01d5f649bdaa32d858bd5fa20e9ad4b6 /doc/crypto/buffer.pod | |
parent | ce7e647bc2c328404b1e3cdac6211773afdefe07 (diff) | |
download | openssl-74924dcb3802640d7e2ae2e80ca6515d0a53de7a.tar.gz |
More secure storage of key material.
Add secure heap for storage of private keys (when possible).
Add BIO_s_secmem(), CBIGNUM, etc.
Add BIO_CTX_secure_new so all BIGNUM's in the context are secure.
Contributed by Akamai Technologies under the Corporate CLA.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'doc/crypto/buffer.pod')
-rw-r--r-- | doc/crypto/buffer.pod | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/doc/crypto/buffer.pod b/doc/crypto/buffer.pod index 781f5b11ee..3804c5649b 100644 --- a/doc/crypto/buffer.pod +++ b/doc/crypto/buffer.pod @@ -11,6 +11,10 @@ character arrays structure BUF_MEM *BUF_MEM_new(void); + #define BUF_MEM_FLAG_SECURE + + BUF_MEM * BUF_MEM_new_ex(unsigned long flags); + void BUF_MEM_free(BUF_MEM *a); int BUF_MEM_grow(BUF_MEM *str, int len); @@ -37,6 +41,10 @@ and one "miscellaneous" function. BUF_MEM_new() allocates a new buffer of zero size. +BUF_MEM_new_ex() allocates a buffer with the specified flags. +The flag B<BUF_MEM_FLAG_SECURE> specifies that the B<data> pointer +should be allocated on the secure heap; see L<CRYPTO_secure_malloc(3)>. + BUF_MEM_free() frees up an already existing buffer. The data is zeroed before freeing up in case the buffer contains sensitive data. @@ -63,11 +71,15 @@ BUF_MEM_grow() returns zero on error or the new size (i.e. B<len>). =head1 SEE ALSO -L<bio(3)|bio(3)> +L<bio(3)|bio(3)>, +L<CRYPTO_secure_malloc(3)>. =head1 HISTORY BUF_MEM_new(), BUF_MEM_free() and BUF_MEM_grow() are available in all versions of SSLeay and OpenSSL. BUF_strdup() was added in SSLeay 0.8. +BUF_MEM_new_ex() was contributed to OpenSSL by Akamai Technologies +in May, 2014. + =cut |
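Review bot: In the SYNOPSIS hunk (@@ -11,6 +11,10 @@), the new prototype is written `BUF_MEM * BUF_MEM_new_ex(unsigned long flags);` with a space after the `*`, while the existing line just above it is `BUF_MEM *BUF_MEM_new(void);`. Please use the same spacing as the existing prototype. The bare `#define BUF_MEM_FLAG_SECURE` is acceptable in a synopsis, but since the parameter is `unsigned long flags`, the description should say whether 0 is the only other valid value.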
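Review bot: The DESCRIPTION hunk (@@ -37,6 +41,10 @@) documents BUF_MEM_new_ex() without saying what happens when the secure heap cannot satisfy the request, and the diff adds nothing about the function's return value; the only return-value text visible is the existing BUF_MEM_grow() line in the next hunk's context. A caller who passes B<BUF_MEM_FLAG_SECURE> for key material needs to know whether the call fails or falls back to the ordinary heap when the secure heap is unavailable, so please state that and add a return-value sentence for BUF_MEM_new_ex(). It would also help to say whether BUF_MEM_grow() keeps B<data> on the secure heap when it reallocates a buffer created with this flag, and whether the zero-before-free behaviour described for BUF_MEM_free() applies to it as well.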
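Review bot: In the last hunk (@@ -63,11 +71,15 @@), the new HISTORY entry gives a contribution date ("in May, 2014") but no release, whereas the neighbouring entry says "was added in SSLeay 0.8". Readers use HISTORY to decide whether a function is available to them, so name the OpenSSL version in which BUF_MEM_new_ex() first appears; the date is also about a year earlier than this commit's author date (2015-04-24), which will confuse anyone matching it to the log. In SEE ALSO, the two links use different forms, `L<bio(3)|bio(3)>` and `L<CRYPTO_secure_malloc(3)>`; pick one form for both.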