The RSA_memory_lock (crypto/rsa/rsa_lib.c) call isn't mentioned in the documentation. It also isn't called from anywhere inside OpenSSL.
The rsa.h header file says: | /* This function needs the memory locking malloc callbacks to be installed */ | int RSA_memory_lock(RSA *r); The problem being that this routine calls OPENSSL_malloc - i.e. no locking. So either the call needs to be updated to call CRYPTO_secure_malloc or it could be a candidate for dead code removal. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4586 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
