Closed Bug 347450 Opened 18 years ago Closed 18 years ago

FIPS 140-2 requirements on key zeroization

Categories

(NSS :: Libraries, enhancement)

Product:
NSS
Component:
Libraries
Version:
3.11
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
3.11.3

People

(Reporter: wtc, Unassigned)

References

Details

NSS always calls memset to clear the memory holding private keys, secret keys, and passwords after use. This is a good security practice, but is not necessarily required to pass FIPS 140-2 validation. In this bug I describe the applicable FIPS 140-2 requirements are expressly concerned with key zeroization. It turns out that, for a cryptographic module like NSS that is validated at Security Levels 1 and 2 and doesn't have a maintenance role, there is only one applicable FIPS 140-2 requirement on key zeroization. AS07.41: (Levels 1, 2, 3, and 4) The cryptographic module shall provide methods to zeroize all plaintext secret and private cryptographic keys and CSPs within the module. For NSS, we can interpret "and CSPs" as "and passwords/PINs". Since password-based encryption is not FIPS Approved, our key database's contents are considered in plaintext form, even though we password-encrypt the contents using PKCS #5. Note that this requirement does not specify *when* the module should zeroize a plaintext secret key, private key, or password/PIN.
> our key database's contents are considered in plaintext form, implication: key database buffers must be zeroed, too!
It turns out that key database buffers don't need to be zeroized. So the only remaining work to meet the FIPS 140-2 key zeroization requirements was to fix bug 53427.
Status: NEW → RESOLVED
Closed: 18 years ago
Depends on: 53427
Resolution: --- → FIXED
Target Milestone: 3.11.5 → 3.11.3
You need to log in before you can comment on or make changes to this bug.