On Jan 22, 2010, at 22:20 , Tomas Mraz wrote: > On Fri, 2010-01-22 at 19:19 +0200, Martin Paljak wrote: >> Is OPENSSL_cleanse supposed to be callable with zero length? > That's a question I did a very quick overview of the calls to > OPENSSL_cleanse() in openssl and did not found anything suspicious at > first sight that it would call it eventually with 0 bytes but there are > definitely places that might need some deeper review.
The call in question comes from an external library (OpenSC). I'll take it as a bug that will be fixed in OpenSSL and shall not call OPENSSL_cleanse with zero length for now. -- Martin Paljak http://martin.paljak.pri.ee +3725156495 ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
