diff options
| author | Dimitri Staessens <dimitri@ouroboros.rocks> | 2026-06-21 12:55:17 +0200 |
|---|---|---|
| committer | Sander Vrijders <sander@ouroboros.rocks> | 2026-06-29 08:32:59 +0200 |
| commit | 8499436b4673ac2e2026879a95d97162ba2e8cbc (patch) | |
| tree | b09e1677e9f21c149a530361dadaa0868c824ac5 /src/lib/crypt.c | |
| parent | e42a24f39afe15c5ac579fa519df98643d4fc6dd (diff) | |
| download | ouroboros-8499436b4673ac2e2026879a95d97162ba2e8cbc.tar.gz ouroboros-8499436b4673ac2e2026879a95d97162ba2e8cbc.zip | |
lib: Harden OpenSSL crypto backend
This contains a few improvements and fixes in the OpenSSL backed. We
now zeroize shared secrets with OPENSSL_clear_free. The i2d_PUBKEY
output is bound against CRYPT_KEY_BUFSZ. We now return NULL rather
than silently falling back to SHA-256 when a digest is unknown. FILE
handles are now closed via pthread cleanup so a cancelled thread
cannot leak them. The DHE kex tests now set the KDF NID explicitly,
since the SHA-256 fallback is gone.
Also refactors the PEM string loaders to clean up some code duplication.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'src/lib/crypt.c')
0 files changed, 0 insertions, 0 deletions
