On 23/06/2020 11:57, Martin Elshuber wrote:
> Thx for the answer,
>
> than at least a can stop looking for this :).
>
> And yes I can understand the performance hit and I agree that this
> should be optional and disabled by default.
>
> I am thinking of adding a OPENSSL_cleanse just ofter
Thx for the answer,
than at least a can stop looking for this :).
And yes I can understand the performance hit and I agree that this
should be optional and disabled by default.
I am thinking of adding a OPENSSL_cleanse just ofter the memcpy in
ssl3_read_bytes. And probably replacing the
On 22/06/2020 18:28, Martin Elshuber wrote:
> I might be blind, but I just cannot find the location where this
> plaintext data is
> zeroized, neither by OPENSSL_cleanse() nor memset().
>
> Am I blind, or is this just not done? Shouldn't there be a way to do
> this just like
> it is already
Hi,
I have a question regarding the recordlayer and zeroization of plain
text data.
To my understanding openssl (I am on v1.1.1g) maintains inbound data for
TLS1.2 within
SSL.rlayer.rbuf.The data is split into records and the meta information
is kept in
SSL.rlayer.rrec. The data pointers isself