> > ftp://ftp.openssl.org/snapshot/. It has already been fixed (well, not
> > exactly in sunos-gcc context, but anyway:-).
> 
> Has it?
Yes! Trust me:-)
> As I read the message, the bug occurs with the 0.9.3 release
> version.
SHA code on all big-endians without -DB_ENDIAN in the compiler's command
line is broken. Note that it does pass sha*test, but not the last
rsa_oaep test. The catch is that the fault shows up only when the
message you hash gets long enough, and sha*test (as well as the first
rsa_oaep tests) hashes only short ones. I posted the fix a day before
the release (it's called "temporary workaround for IRIX64 build" in CVS
now), but it was incorporated only on Tuesday:-( Well, the bug was
originally introduced by me and it was a rather frustrating experience to
find that the fix didn't make it into the release:-( The point is that I
erroneously assumed little-endian architecture whenever B_ENDIAN wasn't
defined. I should have been more conservative and assumed a "blended"
model. Sorry, guys!

In either case, it looks like you can't get away without "teen" releases,
huh? People simply don't bother to try out a pre-release snapshot and
expect the development team to make sure it works on 79 platforms listed
in Configure. That's (again) why I think the actual list of
tested/supported platforms is a must, so that those who didn't bother to
grab and test a snapshot could blame nobody but themselves.

Andy.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
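
The endianness assumption described in the message above, as an added example that is not part of the original message and is not OpenSSL's code. Function names and the sample bytes are hypothetical; B_ENDIAN and L_ENDIAN are the build flags, and with neither set the conservative loader makes no assumption about host byte order.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Reference: assemble a big-endian 32-bit word byte by byte; correct on any host. */
static uint32_t be32_bytewise(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

static uint32_t bswap32(uint32_t v)
{
    return (v >> 24) | ((v >> 8) & 0xff00u) | ((v << 8) & 0xff0000u) | (v << 24);
}

/* Faulty pattern: a missing B_ENDIAN is taken to mean "little-endian". */
static uint32_t load_be32_assume_le(const unsigned char *p)
{
    uint32_t v;
    memcpy(&v, p, sizeof v);
#ifdef B_ENDIAN
    return v;
#else
    return bswap32(v);   /* wrong on a big-endian host built without -DB_ENDIAN */
#endif
}

/* Conservative pattern: take the word-load shortcut only when a flag asserts
 * the byte order; with no flag, fall back to the byte-wise form. */
static uint32_t load_be32_conservative(const unsigned char *p)
{
#if defined(B_ENDIAN) || defined(L_ENDIAN)
    return load_be32_assume_le(p);
#else
    return be32_bytewise(p);
#endif
}

/* Constructed sample: four distinct bytes, so any byte-order mix-up is visible. */
static const unsigned char sample[4] = { 0x01, 0x02, 0x03, 0x04 };

/* Runtime probe of the host byte order, independent of any build flag. */
static int host_is_little_endian(void) { const uint16_t one = 1; return *(const unsigned char *)&one == 1; }

int main(void)
{
    printf("host LE: %d, assume-LE ok: %d, conservative ok: %d\n", host_is_little_endian(),
           load_be32_assume_le(sample) == be32_bytewise(sample),
           load_be32_conservative(sample) == be32_bytewise(sample));
    return 0;
}
```

Built with no endian flag, the conservative loader is correct on either kind of host, while the assume-LE loader is correct only where the host really is little-endian.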
