More secure storage of key material.

[oweals/openssl.git] / doc / crypto / BIO_s_mem.pod

diff --git a/doc/crypto/BIO_s_mem.pod b/doc/crypto/BIO_s_mem.pod
index 8f85e0dceeb7f29a1207770a119618258b5ea4ca..1aa7e6ebf9190551e6fc9152a28d1eae7d6ac147 100644 (file)
--- a/doc/crypto/BIO_s_mem.pod
+++ b/doc/crypto/BIO_s_mem.pod
@@ -10,6 +10,7 @@ BIO_get_mem_ptr, BIO_new_mem_buf - memory BIO
  #include <openssl/bio.h>
 
  BIO_METHOD *  BIO_s_mem(void);
+ BIO_METHOD *  BIO_s_secmem(void);
 
  BIO_set_mem_eof_return(BIO *b,int v)
  long BIO_get_mem_data(BIO *b, char **pp)
@@ -26,6 +27,9 @@ A memory BIO is a source/sink BIO which uses memory for its I/O. Data
 written to a memory BIO is stored in a BUF_MEM structure which is extended
 as appropriate to accommodate the stored data.
 
+BIO_s_secmem() is like BIO_s_mem() except that the secure heap is used
+for buffer storage.
+
 Any data written to a memory BIO can be recalled by reading from it.
 Unless the memory BIO is read only any data read from it is deleted from
 the BIO.
@@ -79,6 +83,9 @@ read in small chunks the operation can be very slow. The use of a read only
 memory BIO avoids this problem. If the BIO must be read write then adding
 a buffering BIO to the chain will speed up the process.
 
+Calling BIO_set_mem_buf() on a BIO created with BIO_new_secmem() will
+give undefined results, including perhaps a program crash.
+
 =head1 BUGS
 
 There should be an option to set the maximum size of a memory BIO.