> In the file openssl/engines/ccgost/gosthash.c, the function > circle_xor8() is sometimes called with overlapping buffers > (specifically, the *same* buffer), yet uses the memcpy() function > instead of memmove(), which can result in undefined behavior. This > caused a definite problem in some compilation environments on MacOS X > 10.7 when using the code standalone outside of OpenSSL, so presumably > it could potentially cause issues in OpenSSL as well.
Good catch! Out of curiosity, what does "compilation ... outside of OpenSSL" mean? Another compiler? Different optimization flags? ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
