OpenSSL memory management

Jan Algermissen jan.algermissen at
Wed Jun 12 06:31:47 UTC 2013


I am new to this list and to nginx, so here is a short intro:

I am Jan Algermissen, primarily a complete REST/HTTP-head and recently
focussing on REST API security. About to write an nginx module as an
authenticating HTTP gateway.

I have a question regarding memory management and the use of OpenSSL
(libcrypto) in nginx:

AFAIK, libcrypto is doing quite a lot of memory allocations/deallocations
internally, unsing standard malloc etc.

When a piece software that builds upon libcrypto provides its own
memory management (for example nginx) it can explicitly set the
memory management functions used by libcrypto. This can be done
by using CRYPTO_set_mem_functions (#include <crypto.h>).

Looking at the nginx sources, I did not find any use of this feature. Am
I missing something, or does the SSL module of nginx simply ignore
the memory management issue, defering to the use of malloc inside

If so, can anyone explain the rationale for doiing so?


More information about the nginx mailing list