Record Layer Buffers & Zeroization

Martin Elshuber martin.elshuber at theobroma-systems.com
Mon Jun 22 17:28:03 UTC 2020


Hi,

I have a question regarding the recordlayer and zeroization of plain
text data.

To my understanding openssl (I am on v1.1.1g) maintains inbound data for
TLS1.2 within
SSL.rlayer.rbuf.The data is split into records and the meta information
is kept in
SSL.rlayer.rrec. The data pointers isself alias SSS.rlayer.rbuf.

Decryption of inbound data is done in-place in ssl3_get_record(). So the
rbuf stores
(possibly sensitive) plaintext data until it is reused by followup data.

Is this correct?

I might be blind, but I just cannot find the location where this
plaintext data is
zeroized, neither by OPENSSL_cleanse() nor memset().

Am I blind, or is this just not done? Shouldn't there be a way to do
this just like
it is already done with keys?

The reasoning behind this, is that in some cases it might not only be
necessary to get
rid of keys when no longer used, but also to get rid of all residuals
transported over
the secure channel.

Note on outbound: In the outbound path, to my understanding no plaintext
copies are
created, since plain data only lives in the user buffer passed to
openssl. The user
has to take of this part.

Thx in advance & keep up your good work & kind regards
Martin





More information about the openssl-users mailing list