Provide a ressl config function that explicitly clears keys.

Now that ressl config takes copies of the keys passed to it, the keys need to be explicitly cleared. While this can be done by calling the appropriate functions with a NULL pointer, it is simpler and more obvious to call one function that does this for you. ok tedu@
libressl · Sep 28, 2014 · 7967c2e · 7967c2e
1 parent b5fec41
commit 7967c2e
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/src/lib/libressl/ressl.h b/src/lib/libressl/ressl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ressl.h,v 1.13 2014/08/27 10:46:53 reyk Exp $ */
+/* $OpenBSD: ressl.h,v 1.14 2014/09/28 06:24:00 tedu Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -44,6 +44,7 @@ int ressl_config_set_key_mem(struct ressl_config *config, const uint8_t *key,
 void ressl_config_set_verify_depth(struct ressl_config *config,
     int verify_depth);
 
+void ressl_config_clear_keys(struct ressl_config *config);
 void ressl_config_insecure_no_verify(struct ressl_config *config);
 void ressl_config_verify(struct ressl_config *config);
 

diff --git a/src/lib/libressl/ressl_config.c b/src/lib/libressl/ressl_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ressl_config.c,v 1.8 2014/08/27 10:46:53 reyk Exp $ */
+/* $OpenBSD: ressl_config.c,v 1.9 2014/09/28 06:24:00 tedu Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -97,6 +97,13 @@ ressl_config_free(struct ressl_config *config)
 	free(config);
 }
 
+void
+ressl_config_clear_keys(struct ressl_config *config)
+{
+	ressl_config_set_cert_mem(config, NULL, 0);
+	ressl_config_set_key_mem(config, NULL, 0);
+}
+
 int
 ressl_config_set_ca_file(struct ressl_config *config, const char *ca_file)
 {