12 Apr
2014
12 Apr
'14
2:22 a.m.
Don't think for one second that using malloc directly would have saved OpenSSL here. By default malloc does not zero freed memory it returns. It is a feature that needs to be enabled. If OpenSSL wanted to zero memory it was returning could have done that itself. The only difference is that *some* malloc implementations examine the envionment and change their behaviour based on that. That OpenSSL used its own memory allocator was a problem does not stand up to rigourous analysis. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org