Richard Levitte - VMS Whacker wrote:
>
> From: Richard Levitte - VMS Whacker <[EMAIL PROTECTED]>
>
> levitte> From: Geoff Thorpe <[EMAIL PROTECTED]>
> levitte>
> levitte> geoff> Might I propose another thought? We implement a sanitising heap
> levitte> geoff> around malloc/realloc/free and allow it to be substituted in
> levitte> geoff> (or even substituted *out* if we want it by default?) by
> levitte> geoff> calling a new CRYPTO_set_safe_mem_functions(void) type of
> levitte> geoff> function?
> levitte>
> levitte> That sounds reasonable. However, I'd like it to be enabled by
> levitte> default, and give people the option to remove or replace at their
> levitte> leasure.
>
> Uhmm, when I come to think of it, that's a bad solution from a
> performance point of view. There's no point zeroing things you know
> are non-secret, like public keys or certificates...
Quite so.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
