Can someone help me understand the motivation for why -DPURIFY isn't the default? I've read through the openssl-dev@ and openssl-users@ archives and have found several threads involving -DPURIFY, but I've been unable to glean the motivation behind it being off by default. From what I can tell, the primary motivation is performance. Just looking for some confirmation or to be corrected.

Aside from a potential performance impact, are there other aspects I should consider before running a -DPURIFY build in a production system? I'm, of course, assuming that any gain in entropy by using memory without first initializing it is negligible and in no way vital to the security of OpenSSL routines.

Thanks.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
