Hi,
> I'd also like to speak up on behalf of the **vast** majority.
>
> They don't want unnecessary zeroing of memory in frequently executed
> code paths (for which the only reason is to satisfy an infrequently
> executed testing environment that valgrind provides). Those wanting
> to run valgrind WITH OpenSSL -DPURIFY is provided.
Maybe more importantly (at least from my POV), if you're looking for
"random bytes", using uninitialized memory (assuming the OS or C
runtime doesn't initialize it anyway) instead of something always
initialized to the same fixed sequence of bytes actually might be a good
idea - or did I misunderstand something?
Regards,
Stefan
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
