>>> In the file openssl/engines/ccgost/gosthash.c, the function >>> circle_xor8() is sometimes called with overlapping buffers >>> (specifically, the *same* buffer), yet uses the memcpy() function >>> instead of memmove(), which can result in undefined behavior. This >>> caused a definite problem in some compilation environments on MacOS X >>> 10.7 when using the code standalone outside of OpenSSL, so presumably >>> it could potentially cause issues in OpenSSL as well.
http://cvs.openssl.org/chngview?cn=22752 >> Good catch! Out of curiosity, what does "compilation ... outside of >> OpenSSL" mean? Another compiler? Different optimization flags? > > > It seems to do with compilers and/or flags, yes. ... > > The errors I was seeing went away when I changed the two memcpy() > calls to memmove(). Something like "if (w == k) { memmove()...} else > { memcpy()...}" also works, i.e. still calling memcpy when the buffers > are not the same, if the optimization is important for speed. GOST implementation appears unoptimized, so that unconditional memmove is fine. Alternative could be explicit for(i=0;i<24;i++) k[i]=w[i+8]; ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
