The funny thing is the fact that everybody is ignoring that the patch wasn't a patch. It was a POC (read: demonstration) with the notes:
'...This patch is a variant of what we've been using to help protect customer keys for a decade.
This should really be considered more of a proof of concept than something that you want to put directly into production. It slides into the ASN1 code rather than adding a new API (OPENSSL_secure_allocate et al), the overall code isn't portable, and so on. If there is community interest, we would be happy to help work on addressing those issues. Let me restate that: do not just take this patch and put it into production without careful review.'
Oh, but if you do that, how are you going to make a pretentious critic to shoot it down? The Akamai guy straight up said "that's not actually our code, and that should not and cannot be used as-is, this is a POC", rendering this entire "answer" irrelevant, especially given its mocking tone.