On 10 Apr 2014, at 08:14, lst_ho...@kwsoft.de wrote: > I still wonder why OpenSSL does not use the memory wipe before free, is it a > performance killer or a feature?
I imagine the OpenSSL developers didn't think this was necessary when they first started on the code 10-15 years ago and that institutional memory (excuse the pun) took hold for future releases. It may well be a different story now.
