From ae64d277b8204c156a30d2e8b6a958e5a31f2a7f Mon Sep 17 00:00:00 2001
From: Klemens Nanni <klemens@posteo.de>
Date: Tue, 29 Jun 2021 12:41:03 +0000
Subject: Explicitly clear TLS secrets afer handshake

No need to keep them at runtime;  do so unconditionally for the sake of
simplicity.

Declare TLS config globally so ircConnect() can clear it and declare
both client and config statically as they are not used outside the irc.c
module.
---
 irc.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/irc.c b/irc.c
index 61d74bb..c308e46 100644
--- a/irc.c
+++ b/irc.c
@@ -43,12 +43,13 @@
 
 #include "chat.h"
 
-struct tls *client;
+static struct tls *client;
+static struct tls_config *config;
 
 void ircConfig(
 	bool insecure, const char *trust, const char *cert, const char *priv
 ) {
-	struct tls_config *config = tls_config_new();
+	config = tls_config_new();
 	if (!config) errx(EX_SOFTWARE, "tls_config_new");
 
 	int error;
@@ -167,6 +168,7 @@ int ircConnect(const char *bindHost, const char *host, const char *port) {
 	} while (error == TLS_WANT_POLLIN || error == TLS_WANT_POLLOUT);
 	if (error) errx(EX_PROTOCOL, "tls_handshake: %s", tls_error(client));
 
+	tls_config_clear_keys(config);
 	return sock;
 }
 
-- 
cgit 1.4.1

8b35f8fe4'>tree</a> <a href='/src/commit/bin/klon.c?id=e31da4ca14b7af4816405dbe86aed9d8b35f8fe4&amp;follow=1'>commit</a> <a href='/src/diff/bin/klon.c?id=e31da4ca14b7af4816405dbe86aed9d8b35f8fe4&amp;follow=1'>diff</a></td><td class='form'><form class='right' method='get' action='/src/log/bin/klon.c'>
<input type='hidden' name='id' value='e31da4ca14b7af4816405dbe86aed9d8b35f8fe4'/><input type='hidden' name='showmsg' value='1'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/src/log/?id=e31da4ca14b7af4816405dbe86aed9d8b35f8fe4&amp;showmsg=1&amp;follow=1'>root</a>/<a href='/src/log/bin?id=e31da4ca14b7af4816405dbe86aed9d8b35f8fe4&amp;showmsg=1&amp;follow=1'>bin</a>/<a href='/src/log/bin/klon.c?id=e31da4ca14b7af4816405dbe86aed9d8b35f8fe4&amp;showmsg=1&amp;follow=1'>klon.c</a> (<a href='/src/log/bin/klon.c?id=e31da4ca14b7af4816405dbe86aed9d8b35f8fe4&amp;showmsg=1'>unfollow</a>)</div><div class='content'><table class='list nowrap'><tr class='nohover'><th></th><th class='left'>Commit message (<a href='/src/log/bin/klon.c?id=e31da4ca14b7af4816405dbe86aed9d8b35f8fe4&amp;follow=1'>Collapse</a>)</th><th class='left'>Author</th></tr>
<tr class='logheader'><td><span title='2018-08-26 02:05:55 -0400'>2018-08-26</span></td><td class='logsubject'><a href='/src/commit/install.sh?id=dd3b42bc1365d16b9e4306e2639d49a3617797af&amp;follow=1'>Add NetBSD to install.sh</a></td><td>June McEnroe</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
</td></tr>
<tr class='logheader'><td><span title='2018-08-24 15:37:51 -0400'>2018-08-24</span></td><td class='logsubject'><a href='/src/commit/home/.kshrc?id=f8675036b10983e97c1266786f6c9f13213c766b&amp;follow=1'>Show hostname in title over SSH</a></td><td>June McEnroe</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
</td></tr>
<tr class='logheader'><td><span title='2018-08-23 00:15:02 -0400'>2018-08-23</span></td><td class='logsubject'><a href='/src/commit/home/.kshrc?id=50e36b4b909af44827ff8d233720683054af8f79&amp;follow=1'>Alias bc='bc -l'</a></td><td>June McEnroe</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
</td></tr>
<tr class='logheader'><td><span title='2018-08-20 23:29:10 -0400'>2018-08-20</span></td><td class='logsubject'><a href='/src/commit/bin/README?id=10d4188fd4d8682874089a16efe57fee7462f530&amp;follow=1'>Update usage of scheme in README</a></td><td>June McEnroe</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
</td></tr>
<tr class='logheader'><td><span title='2018-08-20 23:24:39 -0400'>2018-08-20</span></td><td class='logsubject'><a href='/src/commit/bin/fbclock.c?id=911274a7a166585dc4dcf052c0504eabb33df76e&amp;follow=1'>Use scheme.h in fbatt and fbclock</a></td><td>June McEnroe</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
</td></tr>
<tr class='logheader'><td><span title='2018-08-20 23:03:54 -0400'>2018-08-20</span></td><td class='logsubject'><a href='/src/commit/bin/scheme.c?id=fb92a2f9abfcd7e64687a19d9846521795063fb3&amp;follow=1'>Generate scheme.h</a></td><td>June McEnroe</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
</td></tr>
<tr class='logheader'><td><span title='2018-08-20 22:34:02 -0400'>2018-08-20</span></td><td class='logsubject'><a href='/src/commit/gfx/Makefile?id=1ab513b832c5060b4fb2d3f9382b52951fd8ecf3&amp;follow=1'>Add dependencies on gfx.h</a></td><td>June McEnroe</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
</td></tr>
<tr class='logheader'><td><span title='2018-08-18 18:51:29 -0400'>2018-08-18</span></td><td class='logsubject'><a href='/src/commit/txt/music.md?id=fe783b1fa8fcefdfb61df742a4902f7363554173&amp;follow=1'>Add Blondie — Heart of Glass</a></td><td>June McEnroe</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
Why didn't I know about this song? I love it.


</td></tr>
<tr class='logheader'><td><span title='2018-08-18 16:51:49 -0400'>2018-08-18</span></td><td class='logsubject'><a href='/src/commit/home/.kshrc?id=4e5ddc0b13ec267aac7e277ba067da4b30ba2615&amp;follow=1'>Set FCEDIT=$EDITOR</a></td><td>June McEnroe</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
</td></tr>
<tr class='logheader'><td><span title='2018-08-18 16:34:23 -0400'>2018-08-18</span></td><td class='logsubject'><a href='/src/commit/etc/gitea2mastodon.rb?id=ad54e6c3564992748192054e479b9cec7d35a841&amp;follow=1'>Only post commits with bodies to Mastodon</a></td><td>June McEnroe</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
</td></tr>
<tr class='logheader'><td><span title='2018-08-18 16:24:25 -0400'>2018-08-18</span></td><td class='logsubject'><a href='/src/commit/etc/tf/link.sh?id=34f82a21c530733393e3878ba6a4881b34a91884&amp;follow=1'>Run tf/cfg link script with /bin/sh</a></td><td>June McEnroe</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
</td></tr>
<tr class='logheader'><td><span title='2018-08-18 16:24:25 -0400'>2018-08-18</span></td><td class='logsubject'><a href='/src/commit/home/.local/bin/up?id=df5b8b987e8dd3e54df56d5e5569fabad5cb9eba&amp;follow=1'>Run {,s,t}up with /bin/sh</a></td><td>June McEnroe</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
</td></tr>
<tr class='logheader'><td><span title='2018-08-18 01:27:16 -0400'>2018-08-18</span></td><td class='logsubject'><a href='/src/commit/home/.kshrc?id=500195d6f1d13fc988bba60d6b35a7bdb5bb3a49&amp;follow=1'>Use whence instead of type</a></td><td>June McEnroe</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
type is an alias for whence -v and is more for human consumption.


</td></tr>
<tr class='logheader'><td><span title='2018-08-18 01:07:05 -0400'>2018-08-18</span></td><td class='logsubject'><a href='/src/commit/home/.kshrc?id=43a0a0f04ed97d59b6994ba880e6ce31cf368724&amp;follow=1'>Cut off path components until right prompt fits</a></td><td>June McEnroe</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
Keeps paths valid (from somehwere) rather than abrupt truncation.


</td></tr>
<tr class='logheader'><td><span title='2018-08-17 22:42:37 -0400'>2018-08-17</span></td><td class='logsubject'><a href='/src/commit/home/.kshrc?id=ac18126e8205bad1db6665b0550f3543e3da71b8&amp;follow=1'>Add "private" alias to source encrypted file</a></td><td>June McEnroe</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
Why is there no easy way to *edit* an encrypted file?


</td></tr>
<tr class='logheader'><td><span title='2018-08-17 21:54:53 -0400'>2018-08-17</span></td><td class='logsubject'><a href='/src/commit/home/.config/nvim/init.vim?id=d2e8e98b244f778f650684e0984197b5da513b46&amp;follow=1'>Add vim mapping to add a #include</a></td><td>June McEnroe
	Commit message (Collapse)	Author
2018-08-26	Add NetBSD to install.sh	June McEnroe

2018-08-24	Show hostname in title over SSH	June McEnroe

2018-08-23	Alias bc='bc -l'	June McEnroe

2018-08-20	Update usage of scheme in README	June McEnroe

2018-08-20	Use scheme.h in fbatt and fbclock	June McEnroe

2018-08-20	Generate scheme.h	June McEnroe

2018-08-20	Add dependencies on gfx.h	June McEnroe

2018-08-18	Add Blondie — Heart of Glass	June McEnroe
	Why didn't I know about this song? I love it.
2018-08-18	Set FCEDIT=$EDITOR	June McEnroe

2018-08-18	Only post commits with bodies to Mastodon	June McEnroe

2018-08-18	Run tf/cfg link script with /bin/sh	June McEnroe

2018-08-18	Run {,s,t}up with /bin/sh	June McEnroe

2018-08-18	Use whence instead of type	June McEnroe
	type is an alias for whence -v and is more for human consumption.
2018-08-18	Cut off path components until right prompt fits	June McEnroe
	Keeps paths valid (from somehwere) rather than abrupt truncation.
2018-08-17	Add "private" alias to source encrypted file	June McEnroe
	Why is there no easy way to edit an encrypted file?
2018-08-17	Add vim mapping to add a #include	June McEnroe