On 10/22/18 12:05 PM, Petr Pisar via curl-library wrote:
Actually would be possible to allow an application to supply an allocator and deallocator callbacks to libcurl via an option? This way the application could control the sensitive data storage. E.g. by allocating a memory from core-locked (non-swappable) region. It could also scrub the data from the memory instead of libcurl. The callback could also be used by underlying crypto library for storing session keys etc. In other words the application would become responsible for the safety measures. libcurl would only use the callbacks instead of a native allocator (if provided).
Sure. I don't know why I forgot about that option. I like that way and think that's the way to go.
-- Gabriel
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
