http://www.viva64.com/en/b/0178/
OPENSSL_cleanse is being called with pointer size instead of the buffer size in some places. For example crypto/des/des.c:

    void doencryption(void)
    ...
        static unsigned char *buf=NULL,*obuf=NULL;
    ...
        OPENSSL_cleanse(buf,sizeof(buf));
        OPENSSL_cleanse(obuf,sizeof(obuf));

This is leaving memory uncleared.

--
Kees Cook    @outflux.net
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
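
Added example (not part of the original message and not OpenSSL's code): a self-contained C program that reproduces the reported pattern on a heap buffer and counts how many bytes survive the wipe, next to the corrected call that passes the tracked allocation length. cleanse() is a local stand-in for OPENSSL_cleanse; the function names, the 0xA5 fill and the 1024-byte size are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for OPENSSL_cleanse (assumption: same (ptr, len) contract).
 * Stores go through a volatile pointer so the compiler cannot drop them. */
static void cleanse(void *ptr, size_t len)
{
    volatile unsigned char *p = ptr;
    while (len--)
        *p++ = 0;
}

/* Number of bytes in buf[0..len) that still hold non-zero data. */
static size_t residual(const unsigned char *buf, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        n += (buf[i] != 0);
    return n;
}

/* Fill a heap buffer with constructed "secret" bytes, wipe it either the
 * reported way or with the real length, and return the bytes left behind. */
static size_t wipe_and_count(size_t buflen, int use_sizeof_pointer)
{
    unsigned char *buf = malloc(buflen);
    if (buf == NULL || buflen < sizeof(buf)) { free(buf); return (size_t)-1; }
    memset(buf, 0xA5, buflen);
    if (use_sizeof_pointer)
        cleanse(buf, sizeof(buf));   /* size of the pointer: 4 or 8 bytes */
    else
        cleanse(buf, buflen);        /* size of the allocation */
    size_t left = residual(buf, buflen);
    cleanse(buf, buflen);            /* leave nothing behind before free */
    free(buf);
    return left;
}

size_t wipe_with_sizeof_pointer(size_t buflen) { return wipe_and_count(buflen, 1); }
size_t wipe_with_tracked_length(size_t buflen) { return wipe_and_count(buflen, 0); }

int main(void)
{
    size_t n = 1024;
    printf("sizeof(pointer) wipe leaves %zu of %zu bytes\n", wipe_with_sizeof_pointer(n), n);
    printf("tracked-length wipe leaves %zu of %zu bytes\n", wipe_with_tracked_length(n), n);
    return 0;
}
```

The fix at a real call site is to carry the allocation length alongside the pointer and pass that, since sizeof only yields the buffer size for true arrays.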