From 18e8484a9814d03307f65fb5d7d4513e92f6d8ec Mon Sep 17 00:00:00 2001 From: "C. McEnroe" Date: Sun, 4 Jul 2021 13:35:07 -0400 Subject: Clear private key data after handshake --- irc.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'irc.c') diff --git a/irc.c b/irc.c index 5f14c9e..8856030 100644 --- a/irc.c +++ b/irc.c @@ -43,12 +43,13 @@ #include "chat.h" -struct tls *client; +static struct tls_config *config; +static struct tls *client; void ircConfig( bool insecure, const char *trust, const char *cert, const char *priv ) { - struct tls_config *config = tls_config_new(); + config = tls_config_new(); if (!config) errx(EX_SOFTWARE, "tls_config_new"); int error; @@ -103,7 +104,6 @@ void ircConfig( error = tls_configure(client, config); if (error) errx(EX_SOFTWARE, "tls_configure: %s", tls_error(client)); - tls_config_free(config); } int ircConnect(const char *bindHost, const char *host, const char *port) { @@ -201,6 +201,14 @@ void ircSend(const char *ptr, size_t len) { ptr += ret; len -= ret; } + + // Private key data isn't needed anymore after the first write causes the + // handshake, but client will keep a reference to config. + if (config) { + tls_config_clear_keys(config); + tls_config_free(config); + config = NULL; + } } void ircFormat(const char *format, ...) { -- cgit 1.4.1