diff options
| author | Martin Willi <martin@strongswan.org> | 2009-08-19 16:00:48 +0200 |
|---|---|---|
| committer | Martin Willi <martin@strongswan.org> | 2009-08-26 11:23:51 +0200 |
| commit | 957d1163286942fd966d2a83b027abc80bab000b (patch) | |
| tree | aa372bda706a0566c787a52bee7e7839783da84d /src | |
| parent | d9b24887a464d28d622ab47ddbea4a872585cd95 (diff) | |
| download | strongswan-957d1163286942fd966d2a83b027abc80bab000b.tar.bz2 strongswan-957d1163286942fd966d2a83b027abc80bab000b.tar.xz | |
in addition to 'm'/'c' mode, asn1_wrap accepts a 's' mode clearing sensitive information
Diffstat (limited to 'src')
| -rw-r--r-- | src/libstrongswan/asn1/asn1.c | 11 | ||||
| -rw-r--r-- | src/libstrongswan/asn1/asn1.h | 6 |
2 files changed, 14 insertions, 3 deletions
diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c index ec46b165b..ea6702df9 100644 --- a/src/libstrongswan/asn1/asn1.c +++ b/src/libstrongswan/asn1/asn1.c @@ -832,9 +832,16 @@ chunk_t asn1_wrap(asn1_t type, const char *mode, ...) memcpy(pos, ch.ptr, ch.len); pos += ch.len; - if (*mode++ == 'm') + switch (*mode++) { - free(ch.ptr); + case 's': + chunk_clear(&ch); + break; + case 'm': + free(ch.ptr); + break; + default: + break; } } va_end(chunks); diff --git a/src/libstrongswan/asn1/asn1.h b/src/libstrongswan/asn1/asn1.h index 8072d62d6..6ed9bf416 100644 --- a/src/libstrongswan/asn1/asn1.h +++ b/src/libstrongswan/asn1/asn1.h @@ -250,8 +250,12 @@ chunk_t asn1_integer(const char *mode, chunk_t content); /** * Build an ASN.1 object from a variable number of individual chunks * + * The mode string specifies the number of chunks, and how to handle each of + * them with a single character: 'c' for copy (allocate new chunk), 'm' for move + * (free given chunk) or 's' for sensitive-copy (clear given chunk, then free). + * * @param type ASN.1 type to be created - * @param mode for each list member: 'c' for copy or 'm' for move + * @param mode for each list member: 'c', 'm' or 's' * @return chunk containing the ASN.1 coded object */ chunk_t asn1_wrap(asn1_t type, const char *mode, ...); |