Re: Record Layer Buffers & Zeroization


 



Thx for the answer,

then at least I can stop looking for this :).

And yes I can understand the performance hit and I agree that this
should be optional and disabled by default.

I am thinking of adding an OPENSSL_cleanse just after the memcpy in
ssl3_read_bytes. And probably replacing the OPENSSL_free by an
OPENSSL_clear_free in SSL3_BUFFER_release. The latter gets rid of data
not yet delivered to the application.

I am thinking of making both dependent on a flag such as
SSL_OP_CLEANSE_PLAINTEXT. But I am not sure how to select a suitable
bit, since all unused bits are currently stated to be reserved for
openssl 1.2.

Another option is to add a compiler option, though I do not like this
too much.

Did I forget any locations where to add more cleanses? Any other suggestions?

If you are still interested, I am happy to prepare a PR and move the
discussion there. I guess this is a "CLA: trivial" patch anyway.

Martin

Am 23.06.2020 um 12:19 schrieb Matt Caswell:
>
> On 22/06/2020 18:28, Martin Elshuber wrote:
>> I might be blind, but I just cannot find the location where this
>> plaintext data is
>> zeroized, neither by OPENSSL_cleanse() nor memset().
>>
>> Am I blind, or is this just not done? Shouldn't there be a way to do
>> this just like
>> it is already done with keys?
> We don't currently do this. There would likely be some significant
> performance impacts for doing this with all plaintext. That said it
> might be a nice optional feature to add.
>
> Matt
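
The two changes proposed in this message (wipe after the copy-out, wipe on buffer release, both behind an opt-in flag), shown on a toy buffer as an added example that is not part of the original thread and is not OpenSSL code. `rec_buf`, `OPT_CLEANSE_PLAINTEXT` and `cleanse` are hypothetical stand-ins for SSL3_BUFFER, the proposed SSL_OP_CLEANSE_PLAINTEXT and OPENSSL_cleanse.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical option bit standing in for the proposed SSL_OP_CLEANSE_PLAINTEXT. */
#define OPT_CLEANSE_PLAINTEXT 0x1u
/* Stand-in for OPENSSL_cleanse: the volatile pointer stops the wipe being elided. */
typedef void *(*memset_t)(void *, int, size_t);
static volatile memset_t memset_fn = memset;
static void cleanse(void *p, size_t n) { if (p != NULL && n > 0) memset_fn(p, 0, n); }

typedef struct {            /* toy read buffer, not OpenSSL's SSL3_BUFFER */
    unsigned char *buf;
    size_t cap, off, left;  /* capacity, read offset, undelivered bytes */
    unsigned int opts;
} rec_buf;

static int rec_buf_init(rec_buf *rb, size_t cap, unsigned int opts) {
    rb->buf = calloc(1, cap);
    rb->cap = cap; rb->off = rb->left = 0; rb->opts = opts;
    return rb->buf != NULL;
}
/* Simulates a decrypted record landing in the buffer. */
static int rec_buf_fill(rec_buf *rb, const void *pt, size_t n) {
    if (n > rb->cap) return 0;
    memcpy(rb->buf, pt, n); rb->off = 0; rb->left = n;
    return 1;
}
/* Copy-out path: wipe exactly the bytes just handed to the application. */
static size_t rec_buf_read(rec_buf *rb, void *out, size_t n) {
    if (n > rb->left) n = rb->left;
    memcpy(out, rb->buf + rb->off, n);
    if (rb->opts & OPT_CLEANSE_PLAINTEXT) cleanse(rb->buf + rb->off, n);
    rb->off += n; rb->left -= n;
    return n;
}
/* Release path: wipe the whole buffer, covering data never delivered. */
static void rec_buf_release(rec_buf *rb) {
    if (rb->opts & OPT_CLEANSE_PLAINTEXT) cleanse(rb->buf, rb->cap);
    free(rb->buf); rb->buf = NULL; rb->cap = rb->off = rb->left = 0;
}
/* Counts plaintext bytes still in the delivered region after one 8-byte read. */
size_t residue_after_read(unsigned int opts) {
    static const char record[] = "user=alice;pin=4821"; /* constructed sample */
    rec_buf rb; char app[8]; size_t i, n, dirty = 0;
    if (!rec_buf_init(&rb, 64, opts)) return (size_t)-1;
    rec_buf_fill(&rb, record, sizeof(record) - 1);
    n = rec_buf_read(&rb, app, sizeof(app));
    for (i = 0; i < n; i++) dirty += (rb.buf[i] != 0);
    rec_buf_release(&rb);
    return dirty;
}
```

With the flag clear, the delivered bytes stay readable in the internal buffer until the next record overwrites them; with it set, only the undelivered tail remains until release.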




