The various OPENSSL_cleanse assembler implementations, in contrast with
the C implementation, do not handle zero length gracefully - that is,
returning without touching the memory. Instead they overflow and
segfault.

Steps to reproduce:

echo 'test' | openssl dgst -md5 -hmac ''

-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
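
The zero-length contract described in the report, as an added example that is not part of the original post and is not OpenSSL's code. The names `wipe`, `stores_if_bottom_tested` and `wipe_stays_in_bounds` are hypothetical, and the store-then-test loop shape is an assumption about how a length of 0 can turn into an overrun, not a description of the actual assembler.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical wipe routine: the length is tested before every store,
 * so len == 0 returns without touching memory. volatile keeps the stores. */
void wipe(void *ptr, size_t len)
{
    volatile unsigned char *p = ptr;
    for (; len > 0; len--)
        *p++ = 0;
}

/* Assumed failure shape: store and decrement first, test afterwards.
 * Nothing is written here; this only counts the stores such a loop
 * would issue, stopping at limit. */
size_t stores_if_bottom_tested(size_t len, size_t limit)
{
    size_t stores = 0;
    do {
        stores++;   /* store issued before any length check */
        len--;      /* 0 wraps to SIZE_MAX */
    } while (len != 0 && stores < limit);
    return stores;
}

/* Regression check: wipe len bytes in the middle of a 0xAA-filled
 * buffer and confirm every byte outside that range is unchanged. */
int wipe_stays_in_bounds(size_t len)
{
    unsigned char buf[32];
    const size_t off = 8;
    if (len > sizeof buf - 2 * off)
        return 0;
    memset(buf, 0xAA, sizeof buf);
    wipe(buf + off, len);
    for (size_t i = 0; i < sizeof buf; i++) {
        unsigned char want = (i >= off && i < off + len) ? 0x00 : 0xAA;
        if (buf[i] != want)
            return 0;
    }
    return 1;
}

int main(void)
{
    return (wipe_stays_in_bounds(0) && stores_if_bottom_tested(0, 4096) == 4096) ? 0 : 1;
}
```

A guard-byte check like `wipe_stays_in_bounds(0)` is the kind of test that would exercise the empty-key case from the reproduction step against each implementation of a wipe routine.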