Secure memory block in openssl


Question

Is there any method in OpenSSL which is an equivalent of Crypto++'s SecByteBlock?

Something that clears the memory before freeing it among other things of securing the memory block with sensitive information. Is there any way of securing the RSA struct in memory?

Recommended answer

Is there any method in OpenSSL which is an equivalent of Crypto++'s SecByteBlock?

A SecByteBlock is a class that takes advantage of OOP by combining data with the operations to act on the data (lots of hand waving). OpenSSL is a C library, and it does not have most of the goodies related to OOP.

In OpenSSL, you would use OPENSSL_cleanse. Here are some one-liner uses of it in OpenSSL:

$ grep -R cleanse * | grep -v doc
...
apps/apps.c:            OPENSSL_cleanse(buff, (unsigned int)bufsiz);
apps/apps.c:            OPENSSL_cleanse(buf, (unsigned int)bufsiz);
apps/apps.c:            OPENSSL_cleanse(buf, (unsigned int)bufsiz);
apps/ca.c:        OPENSSL_cleanse(key, strlen(key));
apps/dgst.c:        OPENSSL_cleanse(buf, BUFSIZE);
apps/enc.c:                OPENSSL_cleanse(str, SIZE);
apps/enc.c:                OPENSSL_cleanse(str, strlen(str));
...


Is there any way of securing the RSA struct in memory?

RSA_free calls OPENSSL_cleanse internally. So the structure is zeroized when it's discarded. According to the OpenSSL man page on RSA_new and RSA_free:

RSA_free() frees the RSA structure and its components. The key is erased before the memory is returned to the system.

But you should probably define your requirements for "secure in memory." If your requirements include wrapping, then no, OpenSSL does not provide it. But neither does Crypto++.
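
A minimal C analogue of the wipe-before-free behaviour discussed above, added here as an example (it is not from the original answer or from OpenSSL). The `secbuf` type and its functions are hypothetical; `wipe_fn` is a stand-in so the block builds without libcrypto, and code linked against OpenSSL would call `OPENSSL_cleanse` at that point.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-in for OPENSSL_cleanse(): calling memset through a volatile function
 * pointer keeps the compiler from dropping the "dead" store before free(). */
static void *(*const volatile wipe_fn)(void *, int, size_t) = memset;

/* Hypothetical SecByteBlock-like buffer: the data plus the length to wipe. */
typedef struct { unsigned char *data; size_t len; } secbuf;

/* Allocate a zero-filled buffer; returns 0 on success, -1 on failure. */
int secbuf_init(secbuf *sb, size_t len)
{
    sb->data = calloc(1, len ? len : 1);
    sb->len = sb->data ? len : 0;
    return sb->data ? 0 : -1;
}

/* Copy a secret in; refuses input that would overflow the buffer. */
int secbuf_set(secbuf *sb, const void *src, size_t n)
{
    if (sb->data == NULL || n > sb->len)
        return -1;
    memcpy(sb->data, src, n);
    return 0;
}

/* Zeroize the contents but keep the allocation. */
void secbuf_wipe(secbuf *sb)
{
    if (sb->data != NULL)
        wipe_fn(sb->data, 0, sb->len);
}

/* Returns 1 when every byte is zero (lets a caller verify the wipe). */
int secbuf_is_zero(const secbuf *sb)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < sb->len; i++)
        acc |= sb->data[i];
    return acc == 0;
}

/* Wipe first, then free, then clear the handle so it cannot be reused. */
void secbuf_free(secbuf *sb)
{
    secbuf_wipe(sb);
    free(sb->data);
    sb->data = NULL;
    sb->len = 0;
}
```

This covers only zeroization on release; it does not lock pages against swapping or protect the buffer while it is live.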
