Using OPENSSL_secure_malloc in a library?


Antoine Pitrou

Apr 3, 2025, 6:21:27 AM
to openssl-users

Hello,

I maintain a library (Apache Arrow/Parquet) that uses OpenSSL. We would like to use OPENSSL_secure_malloc() for more secure storage of secrets. However, it seems that this usage relies on initializing a global heap using CRYPTO_secure_malloc_init(), and releasing it at process shutdown using CRYPTO_secure_malloc_done(). This is fine from an application, but such explicit process-wide initialization routines are inherently problematic to call from within a library (what if the application, or another library loaded by the application, also calls these initialization routines?).

Are there any guidelines to reliably use OPENSSL_secure_malloc() in a library?

Thanks

Antoine.

Alexandr Nedvedicky

Apr 4, 2025, 3:01:58 AM
to Antoine Pitrou, openssl-users
Hello Antoine,

On Thu, Apr 03, 2025 at 03:21:26AM -0700, Antoine Pitrou wrote:
</snip>
>
> Are there any guidelines to reliably use OPENSSL_secure_malloc() in a
> library?
>

I'm not aware of any guidelines on how to use OPENSSL_secure_malloc() in a
library. I took a look at the source code and indeed the secure memory
is global. Your question feels like a feature request to allow other
components/libraries to create their own secure memory instances.
Either by introducing a new CRYPTO_secure_malloc_init() variant which
will return a handle/pointer to a secure heap or adding a secure heap to
the library context. I think both those approaches would be safe for your
use case.

thanks and
regards
sashan

Antoine Pitrou

Apr 4, 2025, 4:21:47 AM
to openss...@openssl.org

Hi Sasha,

Yes, being able to create one's own heap would be a good solution for that.

Regards

Antoine.