I did as you suggested and changed jge to jae in the branches 0.9.8-dev, 0.9.7-stable and 0.9.6-stable. Please test tomorrow's snapshots.
Thanks for your contribution. Ticket resolved. [EMAIL PROTECTED] - Tue Jul 22 10:52:32 2003]: > When calling the MD5 function on very large data sets (around 2GB) in > memory or from a memory map, the computed MD5 sum is false and even > worth, can cause the program to crash with a seg-fault. By tracking > down > the calculation of the sum, I found out that this behaviour occurs > when > the data pointer crosses the address 0X80000000L in the MD5_Update() > function, thus wrapping around from a positive to negative integer. > The > reason for this error lies in the comparison of two signed numbers > rather than two unsigned numbers in the assembly code found in > crypto/md5/asm/md5-586.pl at line 296. Instead of a "jge" (greater > equal) instruction, there should be a "jae" (above equal) instruction > for evaluating an unsigned compare. > > An even better fix, IMHO, would be to omit the 64 bytes subtraction > from > the target address register right at the begining of the function call > and then just compare the pointers for equality (jne). > > In order to compile, the "jae" instruction must also be added > somewhere > in the crypto/perlasm/x86unix.pl and x86ms.pl perl scripts. > > > OpenSSL self-test report: > > OpenSSL version: 0.9.7c-dev > Last change: In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate > ad... > Options: no-krb5 > OS (uname): Linux mx040 2.4.4-4GB #1 Wed May 16 00:37:55 GMT > 2001 > i686 unknown > OS (config): i686-whatever-linux2 > Target (default): linux-pentium > Target: linux-pentium > Compiler: Configured with: > Thread model: posix > gcc version 3.2.2 > > Eric -- Richard Levitte [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
