]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1c9761d) | patch
Add support to zeroize plaintext in S3 record layer
authorMartin Elshuber <martin.elshuber@theobroma-systems.com>
Tue, 23 Jun 2020 10:14:41 +0000 (12:14 +0200)
committerDmitry Belyavskiy <beldmit@gmail.com>
Tue, 7 Jul 2020 09:07:47 +0000 (12:07 +0300)
commit163b8016160f03558d8352b76fb594685cb39f7d
tree87d27b9a6e193b1c70365e44638c130807fb7430tree
parent1c9761d0b547d2d135037d215cd16feb4d0b698ccommit | diff
Add support to zeroize plaintext in S3 record layer

Some applications want even all plaintext copies beeing
zeroized. However, currently plaintext residuals are kept in rbuf
within the s3 record layer.

This patch add the option SSL_OP_CLEANSE_PLAINTEXT to its friends to
optionally enable cleansing of decrypted plaintext data.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12251)
CHANGES.md diff | blob | blame | history
doc/man3/SSL_CTX_set_options.pod diff | blob | blame | history
include/openssl/ssl.h diff | blob | blame | history
ssl/record/rec_layer_d1.c diff | blob | blame | history
ssl/record/rec_layer_s3.c diff | blob | blame | history
ssl/record/ssl3_buffer.c diff | blob | blame | history
test/sslapitest.c diff | blob | blame | history
Mirror of https://github.com/openssl/openssl.git