On Fri, Apr 11, 2014 at 01:22:21PM -0400, Salz, Rich wrote:
> Akamai Technologies is pleased to offer the following patch to OpenSSL. It 
> adds a "secure arena" that is used to store RSA private keys.  This arena is 
> mmap'd, with guard pages before and after so pointer over- and under-runs 
> won't wander into it. It's also locked into memory so it doesn't appear on 
> disk, and when possible it's also kept out of core files.  This patch is a 
> variant of what we've been using to help protect customer keys for a decade.

Have you thought about mprotecting the guard pages with
mprotect(PROT_NONE) so the application crashes in case of a stray
memory access?



OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to