diff options
author | Rich Salz <rsalz@akamai.com> | 2015-04-24 16:39:40 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2015-06-23 17:09:35 -0400 |
commit | 74924dcb3802640d7e2ae2e80ca6515d0a53de7a (patch) | |
tree | 6de4138b01d5f649bdaa32d858bd5fa20e9ad4b6 /doc/crypto/BIO_s_mem.pod | |
parent | ce7e647bc2c328404b1e3cdac6211773afdefe07 (diff) | |
download | openssl-74924dcb3802640d7e2ae2e80ca6515d0a53de7a.zip openssl-74924dcb3802640d7e2ae2e80ca6515d0a53de7a.tar.gz openssl-74924dcb3802640d7e2ae2e80ca6515d0a53de7a.tar.bz2 |
More secure storage of key material.
Add secure heap for storage of private keys (when possible).
Add BIO_s_secmem(), CBIGNUM, etc.
Add BIO_CTX_secure_new so all BIGNUM's in the context are secure.
Contributed by Akamai Technologies under the Corporate CLA.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'doc/crypto/BIO_s_mem.pod')
-rw-r--r-- | doc/crypto/BIO_s_mem.pod | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/crypto/BIO_s_mem.pod b/doc/crypto/BIO_s_mem.pod index 8f85e0d..1aa7e6e 100644 --- a/doc/crypto/BIO_s_mem.pod +++ b/doc/crypto/BIO_s_mem.pod @@ -10,6 +10,7 @@ BIO_get_mem_ptr, BIO_new_mem_buf - memory BIO #include <openssl/bio.h> BIO_METHOD * BIO_s_mem(void); + BIO_METHOD * BIO_s_secmem(void); BIO_set_mem_eof_return(BIO *b,int v) long BIO_get_mem_data(BIO *b, char **pp) @@ -26,6 +27,9 @@ A memory BIO is a source/sink BIO which uses memory for its I/O. Data written to a memory BIO is stored in a BUF_MEM structure which is extended as appropriate to accommodate the stored data. +BIO_s_secmem() is like BIO_s_mem() except that the secure heap is used +for buffer storage. + Any data written to a memory BIO can be recalled by reading from it. Unless the memory BIO is read only any data read from it is deleted from the BIO. @@ -79,6 +83,9 @@ read in small chunks the operation can be very slow. The use of a read only memory BIO avoids this problem. If the BIO must be read write then adding a buffering BIO to the chain will speed up the process. +Calling BIO_set_mem_buf() on a BIO created with BIO_new_secmem() will +give undefined results, including perhaps a program crash. + =head1 BUGS There should be an option to set the maximum size of a memory BIO. |