| Line 47: | Line 47: | ||
The NSS cryptographic module takes a number of explicit zeroization steps to clear the memory region previously occupied by a private key or password. In summary, private keys are always stored in encrypted form. Any key material that has been unwrapped (decrypted) for use is zeroed once the use is complete. The function used to zero memory used by private key material is the Standard C library function <code>memset()</code> or its synonym <code>PORT_Memset()</code>: | The NSS cryptographic module takes a number of explicit zeroization steps to clear the memory region previously occupied by a private key or password. In summary, private keys are always stored in encrypted form. Any key material that has been unwrapped (decrypted) for use is zeroed once the use is complete. The function used to zero memory used by private key material is the Standard C library function <code>memset()</code> or its synonym <code>PORT_Memset()</code>: | ||
#define PORT_Memset memset | #define PORT_Memset memset | ||
If the memory used by private key material is allocated from the heap, the <code>PORT_ZFree()</code> function can be used to both zero and free memory: | If the memory used by private key material is allocated from the heap, the [http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/util/secport.c.dep.html#PORT_ZFree <code>PORT_ZFree()</code>] function can be used to both zero and free memory: | ||
void | void | ||
PORT_ZFree(void *ptr, size_t len) | PORT_ZFree(void *ptr, size_t len) | ||
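Review bot: the paragraph still describes zeroization as a plain memset(), and the line "#define PORT_Memset memset" confirms that PORT_Memset is the ordinary C library call with no wrapper. A compiler is allowed to drop a memset() on a buffer that is freed immediately afterwards as a dead store, so the text introducing PORT_ZFree() should say how the clear is guaranteed to survive optimization, or point to the evidence for it. On the changed line itself, the new link wraps only PORT_ZFree() and targets a generated source listing (secport.c.dep.html#PORT_ZFree), while memset() and PORT_Memset() in the preceding paragraph remain unlinked. Consider linking PORT_Memset to its definition in the same way, so a reader can check both claims against the source.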