upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- Wipe TLS session key data from memory on exit.

Browse source 
git-svn-id: file:///svn/unbound/trunk@5098 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards 2019-01-31 15:25:27 +00:00
parent 8992e8c91f
commit 281030d576
2 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
doc/Changelog
View file

@ -8,6 +8,7 @@
still supports the set_id_callback previous API. And for 1.1.0 still supports the set_id_callback previous API. And for 1.1.0
no locking callbacks are needed. no locking callbacks are needed.
- #8: Fix OpenSSL without ENGINE support compilation. - #8: Fix OpenSSL without ENGINE support compilation.
- Wipe TLS session key data from memory on exit.
30 January 2019: Ralph 30 January 2019: Ralph
- Fix case in which query timeout can result in marking delegation - Fix case in which query timeout can result in marking delegation

1
util/net_help.c
View file

@ -1235,6 +1235,7 @@ listen_sslctx_delete_ticket_keys(void)
struct tls_session_ticket_key *key; struct tls_session_ticket_key *key;
if(!ticket_keys) return; if(!ticket_keys) return;
for(key = ticket_keys; key->key_name != NULL; key++) { for(key = ticket_keys; key->key_name != NULL; key++) {
memset(key->key_name, 0xdd, 80); /* wipe key data from memory*/
free(key->key_name); free(key->key_name);
} }
free(ticket_keys); free(ticket_keys);