> after I pointed it out), that calling realloc() in the code will leave lots of
> copies of private keys and other sensitive data lying around in memory.  The
> bignum code should never call the libc realloc(), but should instead use a safe
> realloc which does a malloc(), a memcpy(), a memset() to zero of the original
> data, and then a free().

Is this really something that OpenSSL should be concerned about?   I mean, is
it really trying to make itself safe from someone reading /dev/mem, /dev/swap,
or the random swap blocks on the C: drive?

It's so hard to do it right, I'd rather we were honest and didn't try to
protect against those kinds of things.  It's not worth it, especially when you
consider the overall security of the target platforms: none (Win) or
none-if-root-is-involved  (Unix).
        /r$
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
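The safe realloc that the quoted message sketches (malloc, memcpy, zero the original, free), written out as an added example for this thread; it is my code, not OpenSSL's, and the names secure_realloc and secure_zero are my own. It assumes the caller tracks the old block's length, since there is no portable way to ask malloc how large a block is, and the wipe goes through a volatile pointer so the compiler cannot discard it as a dead store. As the reply points out, this only removes the stale copies libc realloc() can leave on the heap; it does nothing about swap or /dev/mem.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Wipe through a volatile pointer: a plain memset() before free() is a dead
 * store the optimizer is entitled to remove. */
static void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n-- > 0)
        *vp++ = 0;
}

/* Drop-in for realloc() that never leaves the old bytes behind.
 * old_len is required because libc does not expose a block's size portably.
 * On allocation failure the old block is left intact, as with realloc(). */
void *secure_realloc(void *old, size_t old_len, size_t new_len)
{
    void *fresh;

    if (new_len == 0) {                 /* realloc(p, 0) semantics: release */
        if (old != NULL) {
            secure_zero(old, old_len);
            free(old);
        }
        return NULL;
    }
    fresh = malloc(new_len);
    if (fresh == NULL)
        return NULL;
    if (old != NULL) {
        /* Shrinking copies only new_len bytes; the tail is wiped with the rest. */
        memcpy(fresh, old, old_len < new_len ? old_len : new_len);
        secure_zero(old, old_len);
        free(old);
    }
    return fresh;
}

/* Demonstration: grow a 16-byte "key" (constructed test data) to 64 bytes and
 * report whether its contents survived the move. Returns 1 on success. */
int grow_preserves_key(void)
{
    size_t old_len = 16, new_len = 64, i;
    unsigned char expected[16];
    unsigned char *key = malloc(old_len);
    int ok;

    if (key == NULL)
        return 0;
    for (i = 0; i < old_len; i++)
        key[i] = expected[i] = (unsigned char)(0xA5 ^ i);

    key = secure_realloc(key, old_len, new_len);
    if (key == NULL)
        return 0;
    ok = (memcmp(key, expected, old_len) == 0);

    secure_zero(key, new_len);          /* caller wipes at end of life too */
    free(key);
    return ok;
}

/* Demonstration: fill a buffer, wipe it, and report whether every byte is 0. */
int wipe_leaves_no_bytes(void)
{
    unsigned char buf[32];
    size_t i;

    memset(buf, 0xFF, sizeof buf);
    secure_zero(buf, sizeof buf);
    for (i = 0; i < sizeof buf; i++)
        if (buf[i] != 0)
            return 0;
    return 1;
}

int main(void)
{
    printf("grow preserves key: %s\n", grow_preserves_key() ? "yes" : "no");
    printf("wipe clears buffer: %s\n", wipe_leaves_no_bytes() ? "yes" : "no");
    return 0;
}
```

The one thing this cannot fix is the copy that realloc() itself already made inside libc; the only way to keep that from happening is to not call realloc() on sensitive buffers at all, which is what the quoted message asks for.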