You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Ben Laurie made clear to me that there aren't any special "memory tricks" being employed within OpenSSL, for keeping the private keys from swapping to disk, etc.
However, he also said that:
There are functions within OpenSSL we can use for zeroing memory after using it (I have a function like this myself.) So we should make sure any OpenSSL-related memory is also zeroed after, using the OpenSSL zeroing function.
There are facilities within OpenSSL for substituting the memory manager. Basically if we are paranoid about our RAM, then his point was that WE need to manage the memory ourselves, which OpenSSL will allow us to do.
So TODO: Make our own CUSTOM MEMORY MANAGER and use it for OpenSSL. (We don't have to manage ALL the memory since we already protect our own secrets, but we should at least manage the memory used by our calls to OpenSSL.)
The text was updated successfully, but these errors were encountered:
Ben Laurie made clear to me that there aren't any special "memory tricks" being employed within OpenSSL, for keeping the private keys from swapping to disk, etc.
However, he also said that:
So TODO: Make our own CUSTOM MEMORY MANAGER and use it for OpenSSL. (We don't have to manage ALL the memory since we already protect our own secrets, but we should at least manage the memory used by our calls to OpenSSL.)
The text was updated successfully, but these errors were encountered: