
In the code I often use OpenSSL resources: RSA, EC_KEY, EVP_PKEY, and so on. I know there are designated functions for creating and deleting them:

RSA_new()
RSA_free(RSA*)

However, are these functions enough to ensure the secrets don't remain in memory - e.g. the memory is scrubbed/zeroed - if, say, an attacker were to scan it?

In other words, what is the proper way in OpenSSL to remove secrets from memory?

(any documentation links would be awesome, I'm reading through the sources, but a somewhat official statement would help)

hauron

1 Answer


In other words, what is the proper way in OpenSSL to remove secrets from memory?

OPENSSL_cleanse.

$ cd openssl-1.0.2a
$ grep -R OPENSSL_cleanse *
...
apps/apps.c:    OPENSSL_cleanse(buff, (unsigned int)bufsiz);
apps/apps.c:    OPENSSL_cleanse(buf, (unsigned int)bufsiz);
apps/apps.c:    OPENSSL_cleanse(buf, (unsigned int)bufsiz);
apps/ca.c:    OPENSSL_cleanse(key, strlen(key));
apps/dgst.c:    OPENSSL_cleanse(buf, BUFSIZE);
apps/enc.c:    OPENSSL_cleanse(str, SIZE);
apps/enc.c:    OPENSSL_cleanse(str, strlen(str));
...

As far as I know, all the *_free functions use it internally when deleting objects (when needed).

I don't believe OpenSSL uses a wrap, though. Storing the key for a key wrap or secret wrap is the Unattended Key Storage problem. It's a problem without a solution. See Gutmann's Engineering Security for details.

Related: Why does OPENSSL_cleanse look so complex and thread-unsafe? and Secure memory block in openssl.

jww
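The "cleanse before free" discipline the answer describes, as an added example that is not from the question, the answer or OpenSSL itself. It uses a hypothetical `secure_cleanse` written with a volatile pointer (so the compiler cannot drop the stores as dead code, the problem a plain `memset` before `free` has); in real code call `OPENSSL_cleanse` from `<openssl/crypto.h>` instead, which is why no OpenSSL header is assumed here.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for OPENSSL_cleanse: write zeros through a volatile
 * pointer so the compiler must emit every store. OpenSSL's own implementation
 * differs in detail; this only illustrates the pattern. */
void secure_cleanse(void *p, size_t len)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (len--)
        *vp++ = 0;
}

/* Heap-held secret: scrub the bytes before handing the block back to the
 * allocator, mirroring what the answer says the *_free functions do. */
void secret_free(void *p, size_t len)
{
    if (p == NULL)
        return;
    secure_cleanse(p, len);
    free(p);
}

/* Returns 1 if every byte of the buffer is zero (constant-time accumulate). */
int is_all_zero(const unsigned char *p, size_t len)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= p[i];
    return acc == 0;
}

/* Constructed demo: a stack "key" filled with non-zero bytes, then cleansed.
 * Returns 1 when the buffer was non-zero before and fully zero afterwards. */
int demo_stack_cleanse(void)
{
    unsigned char key[32];
    memset(key, 0xA5, sizeof key);             /* constructed sample key bytes */
    int before = is_all_zero(key, sizeof key); /* expect 0 */
    secure_cleanse(key, sizeof key);
    int after = is_all_zero(key, sizeof key);  /* expect 1 */
    return before == 0 && after == 1;
}

/* Constructed demo for the heap path: scrub, verify, then free. */
int demo_heap_cleanse(void)
{
    size_t len = 48;
    unsigned char *buf = malloc(len);
    if (buf == NULL)
        return 0;
    memset(buf, 0x5A, len);                    /* constructed sample secret */
    secure_cleanse(buf, len);
    int zeroed = is_all_zero(buf, len);        /* expect 1 */
    secret_free(buf, len);                     /* cleanses again, then frees */
    return zeroed;
}
```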