shinrich commented on pull request #6609: URL: https://github.com/apache/trafficserver/pull/6609#issuecomment-833740226
Checked out the OPENSSL_secure_malloc implementation. OPENSSL_secure_malloc creates a separate heap for OPENSSL_secure_malloc to allocate from. The logic is that basic heap overflows from regular memory allocations won't override into your sensitive data. The secure heap is fixed size and all allocs and frees to that heap are serialized by a mutex. So we would definitely want to do another performance evaluation before committing that change. I would prefer to land this change which we have been running in production for at least a year. Then spend some effort to reduce the lifetime of the secrets in memory. I think that will have a bigger security benefit than the secure heap. That will involve adjusting our reloading/polling logic and our lazy loading logic (for client certificates).
