In the file openssl/engines/ccgost/gosthash.c, the function
circle_xor8() is sometimes called with overlapping buffers (specifically, the
*same* buffer), yet uses the memcpy() function instead of memmove(), which can
result in undefined behavior. This caused a definite problem in some
compilation environments on Mac OS X 10.7 when using the code standalone outside
of OpenSSL, so presumably it could potentially cause issues in OpenSSL as well.
The transform_3() function right below already uses memmove() for similar
reasons.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
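The aliasing problem reported above, as an added example that is not part of the original post and is not OpenSSL's code. The body of `circle_xor8_safe` is an assumed shape for the routine (a 32-byte block rotated by 8 bytes with an XOR tail), and `ranges_overlap` and `inplace_matches_reference` are hypothetical helpers operating on constructed data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef unsigned char byte;

/* Returns 1 if [a, a+n) and [b, b+n) share a byte; memcpy() requires 0. */
static int ranges_overlap(const void *a, const void *b, size_t n)
{
    uintptr_t pa = (uintptr_t)a, pb = (uintptr_t)b;
    return pa < pb ? (pb - pa < n) : (pa - pb < n);
}

/*
 * Assumed shape of the routine: shift the 32-byte block w left by 8 bytes
 * into k, then store (first 8 bytes of w) XOR (next 8 bytes of w) in the
 * last 8 bytes. Well defined when w == k because the shift uses memmove().
 */
static void circle_xor8_safe(const byte *w, byte *k)
{
    byte buf[8];
    int i;

    memcpy(buf, w, 8);      /* buf is a distinct local: no overlap possible */
    memmove(k, w + 8, 24);  /* source and destination overlap when w == k */
    for (i = 0; i < 8; i++)
        k[i + 24] = buf[i] ^ k[i];
}

/* Compares an in-place call with an out-of-place call; 1 means identical. */
static int inplace_matches_reference(void)
{
    byte src[32], ref[32], inplace[32];
    int i;

    for (i = 0; i < 32; i++)
        src[i] = (byte)(i * 7 + 3);      /* constructed sample block */
    memcpy(inplace, src, 32);
    circle_xor8_safe(src, ref);          /* disjoint buffers */
    circle_xor8_safe(inplace, inplace);  /* same buffer, as in the report */
    return memcmp(ref, inplace, 32) == 0;
}

int main(void)
{
    byte b[32] = {0};
    printf("24-byte copy from w + 8 to k overlaps when w == k: %d\n", ranges_overlap(b, b + 8, 24));
    printf("in-place result matches reference: %d\n", inplace_matches_reference());
    return 0;
}
```

Building with `-fsanitize=address` flags overlapping `memcpy()` arguments at run time (reported as `memcpy-param-overlap`), which is a practical way to find other call sites of this kind.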