[openssl-dev] [openssl.org #4586] RSA_memory_lock ?
paul.dale@oracle.com via RT
rt at openssl.org
Thu Jun 23 22:38:27 UTC 2016
The RSA_memory_lock (crypto/rsa/rsa_lib.c) call isn't mentioned in the documentation. It also isn't called from anywhere inside OpenSSL.
The rsa.h header file says:
| /* This function needs the memory locking malloc callbacks to be installed */
| int RSA_memory_lock(RSA *r);
The problem being that this routine calls OPENSSL_malloc - i.e. no locking.
So either the call needs to be updated to call CRYPTO_secure_malloc or it could be a candidate for dead code removal.
Pauli
--
Oracle
Dr Paul Dale | Cryptographer | Network Security & Encryption
Phone +61 7 3031 7217
Oracle Australia
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4586
Please log in as guest with password guest if prompted
More information about the openssl-dev
mailing list