In our haste to help, the secure memory allocation patch we posted last week 
had two issues. First, it wasn’t easy to use. We knew that, and tried to set 
expectations accordingly. Second, it wasn’t really secure enough. We didn’t 
know that, and we thank everyone who brought it to our attention. For example, 
it only protected keys that came in via ASN.1 (which addressed our use-case but 
wasn’t made explicit) and, much worse, it failed to protect all the necessary 
key parameters and values used in intermediate calculations.
 
We are working on new code that will address both issues, and hope to post the
next revision in a couple of days.  The heap is more like OpenSSL coding style,
and protects all BIGNUMs.  If you are interested and able to help out before
we post it, please contact me directly.
 
        /r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA
