I've now tested both Francis Dupont's original patch and Jung-uk Kim's replacement. Both patches work for my test case (make test with the rpki.net Python code), both on FreeBSD 8.2-STABLE (with gcc 4.6 and binutils from ports, to get new enough tools to show the problem with the unpatched code) and also on the ancient Debian Etch box we used for earlier testing. That said, the rpki.net code is not exercising the OpenSSL assembler bug all that hard, the problem we ran into was just a link-time error, we've never seen a crash due to this. Might be a difference between gcc and clang, but that's just speculation.
I'm not sufficiently familiar with the assembly language on this newfangled hardware to have an independent technical opinion on the patched code (now if it were PDP-10 assembler, that'd be a different story...), but if Jung-uk Kim's patch prevents the core dumps he was seeing, I'd say we should go with his patch. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
