summaryrefslogtreecommitdiff
path: root/src/irmd/main.c
diff options
context:
space:
mode:
authorDimitri Staessens <dimitri@ouroboros.rocks>2026-06-21 12:55:17 +0200
committerSander Vrijders <sander@ouroboros.rocks>2026-06-29 08:32:59 +0200
commit8499436b4673ac2e2026879a95d97162ba2e8cbc (patch)
treeb09e1677e9f21c149a530361dadaa0868c824ac5 /src/irmd/main.c
parente42a24f39afe15c5ac579fa519df98643d4fc6dd (diff)
downloadouroboros-8499436b4673ac2e2026879a95d97162ba2e8cbc.tar.gz
ouroboros-8499436b4673ac2e2026879a95d97162ba2e8cbc.zip
lib: Harden OpenSSL crypto backend
This contains a few improvements and fixes in the OpenSSL backed. We now zeroize shared secrets with OPENSSL_clear_free. The i2d_PUBKEY output is bound against CRYPT_KEY_BUFSZ. We now return NULL rather than silently falling back to SHA-256 when a digest is unknown. FILE handles are now closed via pthread cleanup so a cancelled thread cannot leak them. The DHE kex tests now set the KDF NID explicitly, since the SHA-256 fallback is gone. Also refactors the PEM string loaders to clean up some code duplication. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'src/irmd/main.c')
0 files changed, 0 insertions, 0 deletions