aws · smittals2 · Apr 17, 2024 · Feb 28, 2024 · Mar 5, 2024 · Mar 6, 2024
@@ -303,3 +303,7 @@ int BIO_set_mem_buf(BIO *bio, BUF_MEM *b, int take_ownership) {
 int BIO_set_mem_eof_return(BIO *bio, int eof_value) {
   return (int)BIO_ctrl(bio, BIO_C_SET_BUF_MEM_EOF_RETURN, eof_value, NULL);
 }
+
+const BIO_METHOD *BIO_s_secmem(void) {
+    return BIO_s_mem();
+}
@@ -329,6 +329,8 @@ size_t CRYPTO_secure_used(void) { return 0; }
 
 void *OPENSSL_secure_malloc(size_t size) { return OPENSSL_malloc(size); }
 
+void *OPENSSL_secure_zalloc(size_t size) { return OPENSSL_zalloc(size); }
+
 void OPENSSL_secure_clear_free(void *ptr, size_t len) {
   OPENSSL_clear_free(ptr, len);
 }

@@ -879,6 +879,10 @@ OPENSSL_EXPORT int BIO_meth_set_puts(BIO_METHOD *method,
 // BIO_meth_get_puts returns |puts| function of |method|.
 OPENSSL_EXPORT int (*BIO_meth_get_puts(const BIO_METHOD *method)) (BIO *, const char *);
 
+// BIO_s_secmem returns the normal BIO_METHOD |BIO_s_mem|. Deprecated since AWS-LC
+// does not support secure heaps.
+OPENSSL_EXPORT OPENSSL_DEPRECATED const BIO_METHOD *BIO_s_secmem(void);
+
 // Private functions
 
 #define BIO_FLAGS_READ 0x01

@@ -238,20 +238,27 @@ OPENSSL_EXPORT int CRYPTO_set_mem_functions(
   void *(*r)(void *, size_t, const char *, int),
   void (*f)(void *, const char *, int));
 
+// OPENSSL supports the concept of secure heaps to help protect applications from pointer overruns or underruns that
+// could return arbitrary data from the program's dynamic memory area where sensitive information may be stored.
+// AWS-LC does not support secure heaps. Therefore, the following functions are marked as deprecated.
+
 // CRYPTO_secure_malloc_init returns zero.
-OPENSSL_EXPORT int CRYPTO_secure_malloc_init(size_t size, size_t min_size);
+OPENSSL_EXPORT OPENSSL_DEPRECATED int CRYPTO_secure_malloc_init(size_t size, size_t min_size);
 
 // CRYPTO_secure_malloc_initialized returns zero.
-OPENSSL_EXPORT int CRYPTO_secure_malloc_initialized(void);
+OPENSSL_EXPORT OPENSSL_DEPRECATED int CRYPTO_secure_malloc_initialized(void);
 
 // CRYPTO_secure_used returns zero.
-OPENSSL_EXPORT size_t CRYPTO_secure_used(void);
+OPENSSL_EXPORT OPENSSL_DEPRECATED size_t CRYPTO_secure_used(void);
 
 // OPENSSL_secure_malloc calls |OPENSSL_malloc|.
-OPENSSL_EXPORT void *OPENSSL_secure_malloc(size_t size);
+OPENSSL_EXPORT OPENSSL_DEPRECATED void *OPENSSL_secure_malloc(size_t size);
+
+// OPENSSL_secure_zalloc calls |OPENSSL_zalloc|.
+OPENSSL_EXPORT OPENSSL_DEPRECATED void *OPENSSL_secure_zalloc(size_t size);
 
 // OPENSSL_secure_clear_free calls |OPENSSL_clear_free|.
-OPENSSL_EXPORT void OPENSSL_secure_clear_free(void *ptr, size_t len);
+OPENSSL_EXPORT OPENSSL_DEPRECATED void OPENSSL_secure_clear_free(void *ptr, size_t len);
 
 
 #if defined(__cplusplus)