______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
In recent RT#2863 regarding aes-mips.pl I found reference to
sha1_armv4_large.patch in Android tree. I find it unfortunate that
problem wasn't reported and I had to find out about it this way. Because
the problem is formally more serious than originally thought. Latter
refers to fact that commit to Android tree is accompanied with "probably
just a cosmetic fix to make Valgrind happy" note. The real problem is
that there is possibility of intermediate data corruption upon
asynchronous signal delivery, with intermittent protocol failures as
consequence. It remained unnoticed so far presumably because nobody
tried to deploy the module with older glibc and kernel. Latter means
that data apparently is not corrupted if glibc and kernel are modern
enough, and that's how it worked. In either case
http://cvs.openssl.org/chngview?cn=22768 is my "official" solution.
