Reputation: 2881
I'm trying to ensure that sensitive data (passwords, ...) are not kept in clear-text in process memory and I have found that all data sent to or received from OpenSSL is kept in memory...
This is a problem as data sent or received from an SSL connection may contain sensitive information that we don't want to keep in process memory.
Notes:
Reproduction is easy:
openssl s_client -tls1 -connect hostname:443
to connect to an SSL server
kill -SEGV (for example)

Is there a reason for which OpenSSL may need to keep that data? Is there an option to alter its behavior?
Upvotes: 0
Views: 398
Reputation: 2881
Note: I'm replying to my own question after having found the explanation I was looking for.
The data is kept in zlib buffers if compression is enabled on the connection. That's why it is not observed with some configurations/servers. It is surely required by zlib to correctly compress the flow.
If you don't need compression and you don't want unencrypted data to stay for a long time in process memory, you can disable OpenSSL compression.
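#include <openssl/ssl.h>
/* Empty the global list of compression methods so no connection can negotiate compression. */
STACK_OF(SSL_COMP)* cm = SSL_COMP_get_compression_methods();
sk_SSL_COMP_zero(cm);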
Upvotes: 0
Reputation: 182753
The command-line 'client' tool is just for testing. It's not intended to provide actual security or to be suitable for real use. It has a number of features that make it very unsuitable for any kind of other use; for example, you cannot send an 'R' since that triggers renegotiation.
Upvotes: 1
Reputation: 2259
It's still in memory because you never specifically overwrote the memory contents. There isn't a good reason for it to do so automatically (everyone else would complain that it uses unnecessary cycles).
You would have to erase the memory contents yourself. That functionality is not exposed via the command-line program.
Upvotes: 2
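An added example (not from any of the posts above, and not OpenSSL code) of erasing a plaintext buffer yourself and checking the result the same way the question inspects a core dump. The names secure_wipe, count_in_region and handle_record are hypothetical, the record and canary are constructed, and the local buffer stands in for one passed to SSL_read; in an OpenSSL program OPENSSL_cleanse() fills the role of secure_wipe.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Wipe through a volatile pointer so the compiler cannot discard the
   stores as dead writes (a plain memset before a buffer goes out of
   scope may be optimized away). */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Count occurrences of needle in a memory region: the same search one
   would run over a core dump to look for leftover plaintext. */
static size_t count_in_region(const unsigned char *mem, size_t mem_len,
                              const char *needle)
{
    size_t n = strlen(needle), hits = 0;
    if (n == 0 || mem_len < n)
        return 0;
    for (size_t i = 0; i + n <= mem_len; i++)
        if (memcmp(mem + i, needle, n) == 0)
            hits++;
    return hits;
}

/* Handle one decrypted record in a working buffer, optionally wipe it,
   and return how many copies of the canary remain in that buffer. */
static size_t handle_record(const char *record, const char *canary, int wipe)
{
    unsigned char buf[256] = {0};
    size_t len = strlen(record);
    if (len > sizeof buf)
        len = sizeof buf;
    memcpy(buf, record, len);      /* application would parse buf here */
    if (wipe)
        secure_wipe(buf, sizeof buf);
    return count_in_region(buf, sizeof buf, canary);
}

int main(void)
{
    /* Constructed sample data, not captured traffic. */
    const char *rec = "POST /login HTTP/1.1\r\n\r\nuser=alice&password=CANARY-7f3a";
    printf("left without wipe: %zu\n", handle_record(rec, "CANARY-7f3a", 0));
    printf("left with wipe:    %zu\n", handle_record(rec, "CANARY-7f3a", 1));
    return 0;
}
```

Wiping application buffers this way does not reach copies held inside the library, such as the zlib buffers described in the self-answer above, which is why compression is disabled there.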