And it should have a test - which has nothing to do with ASM and everything to do with improving test coverage.
Bugs are bugs - and any form of meaningful test would have caught this. For the majority of the ASM code - the algorithm implementations we have tests that cover things in a decent manner. Improving tests is the solution - not whacking ASM code. Tests will catch issues across *all* implementations. Tim. On Tue, 3 Apr. 2018, 8:29 am Salz, Rich, <[email protected]> wrote: > > On 03/04/18 15:55, Salz, Rich wrote: > > This is one reason why keeping around old assembly code can have a > cost. :( > > Although in this case the code is <2 years old: > > So? It's code that we do not test, and have not tested in years. And > guess what? Critical CVE. > > _______________________________________________ > openssl-project mailing list > [email protected] > https://mta.openssl.org/mailman/listinfo/openssl-project >
_______________________________________________ openssl-project mailing list [email protected] https://mta.openssl.org/mailman/listinfo/openssl-project
