Richard Levitte - VMS Whacker <[EMAIL PROTECTED]> writes:
>One might wonder what the importance of this is, until you realise that a
>realloc() most often has the same cost as malloc() and a free() put together,
>especially when you have growing things, like a BIGNUM with a data area that
>doubles in size :-).
realloc() is *not* functionally equivalent to malloc()+free() in this instance.
This was a problem with the SSLeay-era bignum code (which AFAIK Eric fixed
after I pointed it out), that calling realloc() in the code will leave lots of
copies of private keys and other sensitive data lying around in memory. The
bignum code should never call the libc realloc(), but should instead use a safe
realloc which does a malloc(), a memcpy(), a memset() to zero of the original
data, and then a free().
Peter.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
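
The safe realloc described in the message above (a malloc(), a memcpy(), zeroing the original, then a free()), as an added example that is not part of the original post and not OpenSSL's own code. The names `secure_realloc`, `secure_wipe`, `release_fn` and the sample key are hypothetical; the caller is assumed to know the old size, and the wipe goes through a volatile pointer so the compiler does not drop it as a dead store before free().

```c
#include <stdlib.h>
#include <string.h>

/* Zero through a volatile pointer so the stores are not removed as dead
 * writes just because free() follows. */
static void secure_wipe(void *p, size_t len)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (len--)
        *vp++ = 0;
}

/* Normally free(); swappable only so the demo can inspect the old block. */
static void (*release_fn)(void *) = free;
static void no_release(void *p) { (void)p; }

/* malloc + memcpy + zero the original + free. The caller passes old_len
 * (assumption: libc offers no portable way to query it). On allocation
 * failure returns NULL and leaves the old block untouched, like realloc(). */
static void *secure_realloc(void *old, size_t old_len, size_t new_len)
{
    void *fresh = malloc(new_len ? new_len : 1);
    if (fresh == NULL)
        return NULL;
    if (old != NULL) {
        memcpy(fresh, old, old_len < new_len ? old_len : new_len);
        secure_wipe(old, old_len);   /* no stale copy left behind */
        release_fn(old);
    }
    return fresh;
}

/* Constructed 8-byte sample "key". Returns 1 if the data arrived intact in
 * the new block and the old block reads as all zero at release time. */
static int demo_grow(void)
{
    static const unsigned char key[8] = {'K','3','Y','B','Y','T','E','S'};
    unsigned char *old = malloc(sizeof key), *grown;
    int ok; size_t i;
    if (old == NULL) return 0;
    memcpy(old, key, sizeof key);
    release_fn = no_release;         /* keep old block alive to inspect it */
    grown = secure_realloc(old, sizeof key, 2 * sizeof key);
    release_fn = free;
    if (grown == NULL) { free(old); return 0; }
    ok = memcmp(grown, key, sizeof key) == 0;
    for (i = 0; i < sizeof key; i++) ok &= (old[i] == 0);
    free(old); secure_wipe(grown, 2 * sizeof key); free(grown);
    return ok;
}
int main(void) { return demo_grow() ? 0 : 1; }
```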