Opened 6 years ago
Last modified 6 years ago
#2179 closed enhancement
Wipe out memory used for storing SSL keys before released — at Version 1
| Reported by: | nanang | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | release-2.9 |
| Component: | pjlib | Version: | trunk |
| Keywords: | | Cc: | |
| Backport to 1.x milestone: | | Backported: | no |
Description (last modified by nanang)
Zeroing our buffers should be sufficient, as we cannot really manage the OpenSSL internal buffers. Moreover, it seems that OpenSSL already wipes out its internal buffers, i.e. there are a lot of OPENSSL_cleanse() calls in the OpenSSL source code; the function fills a buffer with garbage or zero. Unfortunately, we cannot really find official docs about it.
Additionally, the SSL socket pool content will be zeroed before being released; this is done using a new API, pj_pool_secure_release().
Thanks Peter Koletzki for the feedback.
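The wipe-before-release pattern described in this ticket, as an added example that is not PJSIP's code and does not reproduce the implementation of pj_pool_secure_release(). The `demo_pool` type and the `demo_pool_*` and `secure_wipe` functions are hypothetical stand-ins; the wipe goes through a volatile pointer because a plain memset() immediately before free() can be removed by the compiler as a dead store.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Store zeros through a volatile pointer so the compiler cannot discard the
 * writes as dead stores, which it may do for a plain memset() before free(). */
static void secure_wipe(void *p, size_t len) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (len--) *vp++ = 0;
}

/* Hypothetical bump-allocator pool; a stand-in for illustration, not pj_pool_t. */
typedef struct { unsigned char *base; size_t capacity, used; } demo_pool;

static int demo_pool_init(demo_pool *pool, size_t capacity) {
    pool->base = malloc(capacity);
    pool->capacity = pool->base ? capacity : 0;
    pool->used = 0;
    return pool->base ? 0 : -1;
}

static void *demo_pool_alloc(demo_pool *pool, size_t n) {
    if (n > pool->capacity - pool->used) return NULL;   /* pool exhausted */
    void *p = pool->base + pool->used;
    pool->used += n;
    return p;
}

/* Zero everything handed out so far; returns the number of bytes wiped. */
static size_t demo_pool_wipe(demo_pool *pool) {
    size_t n = pool->used;
    secure_wipe(pool->base, n);
    pool->used = 0;
    return n;
}

/* Wipe first, then hand the block back to the allocator. */
static size_t demo_pool_secure_release(demo_pool *pool) {
    size_t n = demo_pool_wipe(pool);
    free(pool->base);
    pool->base = NULL;
    pool->capacity = 0;
    return n;
}

int main(void) {
    demo_pool pool;
    if (demo_pool_init(&pool, 256) != 0) return 1;
    char *key = demo_pool_alloc(&pool, 32);
    memcpy(key, "constructed-sample-key-material", 32); /* constructed sample */
    printf("wiped %zu bytes before free\n", demo_pool_secure_release(&pool));
    return 0;
}
```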