Custom secure heap implementation

Tobias Nießen tniessen at
Sun May 5 13:15:58 UTC 2019


I have been experimenting with a custom secure heap implementation recently. Would OpenSSL be open to a patch that allows users to replace the OpenSSL implementation with their own, similarly to how CRYPTO_set_mem_functions works? Based on mem_sec.c, at least sh_malloc, sh_free, sh_actual_size and sh_allocated need to be pluggable, probably also a new function for CRYPTO_secure_used.

Also, should thread safety be part of OpenSSL as it is right now (via sec_malloc_lock), or should it be up to the implementation?


More information about the openssl-users mailing list