From 74924dcb3802640d7e2ae2e80ca6515d0a53de7a Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Fri, 24 Apr 2015 16:39:40 -0400 Subject: More secure storage of key material. Add secure heap for storage of private keys (when possible). Add BIO_s_secmem(), CBIGNUM, etc. Add BIO_CTX_secure_new so all BIGNUM's in the context are secure. Contributed by Akamai Technologies under the Corporate CLA. Reviewed-by: Richard Levitte --- doc/crypto/buffer.pod | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'doc/crypto/buffer.pod') diff --git a/doc/crypto/buffer.pod b/doc/crypto/buffer.pod index 781f5b11ee..3804c5649b 100644 --- a/doc/crypto/buffer.pod +++ b/doc/crypto/buffer.pod @@ -11,6 +11,10 @@ character arrays structure BUF_MEM *BUF_MEM_new(void); + #define BUF_MEM_FLAG_SECURE + + BUF_MEM * BUF_MEM_new_ex(unsigned long flags); + void BUF_MEM_free(BUF_MEM *a); int BUF_MEM_grow(BUF_MEM *str, int len); @@ -37,6 +41,10 @@ and one "miscellaneous" function. BUF_MEM_new() allocates a new buffer of zero size. +BUF_MEM_new_ex() allocates a buffer with the specified flags. +The flag B specifies that the B pointer +should be allocated on the secure heap; see L. + BUF_MEM_free() frees up an already existing buffer. The data is zeroed before freeing up in case the buffer contains sensitive data. @@ -63,11 +71,15 @@ BUF_MEM_grow() returns zero on error or the new size (i.e. B). =head1 SEE ALSO -L +L, +L. =head1 HISTORY BUF_MEM_new(), BUF_MEM_free() and BUF_MEM_grow() are available in all versions of SSLeay and OpenSSL. BUF_strdup() was added in SSLeay 0.8. +BUF_MEM_new_ex() was contributed to OpenSSL by Akamai Technologies +in May, 2014. + =cut -- cgit v1.2.3
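Review bot: In the synopsis hunk (@@ -11,6 +11,10 @@) the new prototype is written `BUF_MEM * BUF_MEM_new_ex(unsigned long flags);`, with a space after the asterisk, while the existing line two above it reads `BUF_MEM *BUF_MEM_new(void);`. Match the existing spacing so the synopsis stays consistent. Since the parameter is a general `flags` word and only BUF_MEM_FLAG_SECURE is defined, it would also help to say what passing 0 means.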
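Review bot: The BUF_MEM_new_ex() paragraph added in the description hunk (@@ -37,6 +41,10 @@) does not document failure or fallback behaviour. The commit message says the secure heap is used "when possible", but the text does not tell a caller what happens when BUF_MEM_FLAG_SECURE is requested and the secure heap cannot be used: does the call fail, or does the allocation quietly land on the ordinary heap? Anyone storing key material needs to know which. Please state that, state what the function returns on error (the patch adds no return-value text for it), and say whether BUF_MEM_grow() keeps the data on the secure heap when it enlarges a buffer created with this flag.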
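Review bot: The HISTORY entry added in the last hunk (@@ -63,11 +71,15 @@) records who contributed BUF_MEM_new_ex() and when ("in May, 2014") rather than the release in which it becomes available, unlike the existing entries ("available in all versions of SSLeay and OpenSSL", "added in SSLeay 0.8"). The commit itself is dated 24 Apr 2015, so the May 2014 date tells a reader nothing about which library versions have the function. Suggest naming the first OpenSSL version that ships it; the attribution is already carried by the commit message.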