Record Layer Buffers & Zeroization

Martin Elshuber martin.elshuber at theobroma-systems.com
Tue Jun 23 10:57:00 UTC 2020


Thanks for the answer,

then at least I can stop looking for this :).

And yes I can understand the performance hit and I agree that this
should be optional and disabled by default.

I am thinking of adding an OPENSSL_cleanse just after the memcpy in
ssl3_read_bytes, and probably replacing the OPENSSL_free by an
OPENSSL_clear_free in SSL3_BUFFER_release. The latter gets rid of data
not yet delivered to the application.

I am thinking of making both dependent on a flag such as
SSL_OP_CLEANSE_PLAINTEXT. But I am not sure how to select a suitable
bit, since all unused bits are currently stated to be reserved for
openssl 1.2.

Another option is to add a compiler option, though I do not like this
too much.

Did I forget any locations where to add more cleanses? Any other suggestions?

If you are still interested, I am happy to prepare a PR and move the
discussion there. I guess this is a "CLA: trivial" patch anyway.

Martin

On 23.06.2020 at 12:19, Matt Caswell wrote:
>
> On 22/06/2020 18:28, Martin Elshuber wrote:
>> I might be blind, but I just cannot find the location where this
>> plaintext data is
>> zeroized, neither by OPENSSL_cleanse() nor memset().
>>
>> Am I blind, or is this just not done? Shouldn't there be a way to do
>> this just like
>> it is already done with keys?
> We don't currently do this. There would likely be some significant
> performance impacts for doing this with all plaintext. That said it
> might be a nice optional feature to add.
>
> Matt
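As an added illustration of the two changes Martin proposes (this is not code from the thread or from OpenSSL), a self-contained C model of a record read buffer in which the bytes just handed to the application are cleansed right after the memcpy, and the whole buffer is wiped before it is freed. `secure_cleanse` is a stand-in for OPENSSL_cleanse(), and `rec_buf` with its functions is a hypothetical simplification of SSL3_BUFFER, not the real structure.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-in for OPENSSL_cleanse(): volatile stores the compiler cannot drop as dead. */
static void secure_cleanse(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}
/* Hypothetical model of a record-layer read buffer (not OpenSSL's SSL3_BUFFER). */
typedef struct {
    unsigned char *buf;
    size_t len;    /* decrypted plaintext bytes held */
    size_t offset; /* bytes already delivered to the application */
} rec_buf;
int rec_buf_init(rec_buf *rb, const unsigned char *plain, size_t n) {
    if ((rb->buf = malloc(n)) == NULL) return -1;
    memcpy(rb->buf, plain, n);
    rb->len = n; rb->offset = 0;
    return 0;
}
/* Deliver up to n bytes, then cleanse exactly the bytes just copied (the
 * "OPENSSL_cleanse right after the memcpy in ssl3_read_bytes" idea). */
size_t rec_buf_read(rec_buf *rb, unsigned char *out, size_t n) {
    size_t avail = rb->len - rb->offset, take = n < avail ? n : avail;
    memcpy(out, rb->buf + rb->offset, take);
    secure_cleanse(rb->buf + rb->offset, take);
    rb->offset += take;
    return take;
}
/* Zero plaintext the application never consumed; returns bytes cleansed. */
size_t rec_buf_cleanse_pending(rec_buf *rb) {
    size_t pending = rb->len - rb->offset;
    secure_cleanse(rb->buf + rb->offset, pending);
    rb->offset = rb->len;
    return pending;
}
/* The OPENSSL_clear_free() half: wipe the whole buffer, then free it. */
void rec_buf_release(rec_buf *rb) {
    if (rb->buf == NULL) return;
    secure_cleanse(rb->buf, rb->len);
    free(rb->buf);
    rb->buf = NULL; rb->len = rb->offset = 0;
}
/* Inspection helper: count of non-zero bytes still sitting in the buffer. */
size_t rec_buf_nonzero(const rec_buf *rb) {
    size_t i, n = 0;
    for (i = 0; i < rb->len; i++) n += rb->buf[i] != 0;
    return n;
}
```

The constructed input below is a 16-byte string; after a partial read only the undelivered tail is still non-zero, and the pending cleanse removes that too before the free.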
