In message <20180406170540.gk80...@mit.edu> on Fri, 6 Apr 2018 12:05:43 -0500,
Benjamin Kaduk said:
kaduk> On Fri, Apr 06, 2018 at 04:23:02PM +0200, Andy Polyakov wrote:
kaduk> > > This is one reason why keeping around old assembly code can have a cost. :(
kaduk> > >
kaduk> > > https://github.
On Fri, Apr 06, 2018 at 04:23:02PM +0200, Andy Polyakov wrote:
> > This is one reason why keeping around old assembly code can have a cost. :(
> >
> > https://github.com/openssl/openssl/pull/5320
>
> There is nothing I can add to what I've already said. To quote myself.
> "None of what I say mean
> This is one reason why keeping around old assembly code can have a cost. :(
>
> https://github.com/openssl/openssl/pull/5320
There is nothing I can add to what I've already said. To quote myself.
"None of what I say means that everything *has to* be kept, but as
already said, some of them serve
I'm less concerned about that access in this specific instance - as if we
had a test in place for that function then make test on the platform would
have picked up the issue trivially.
I don't know that we asked the reporter of the issue as to *how* it was
found - that would be interesting informat
While I totally agree with the direction Tim is taking on this, we
need to remember that there's another condition as well: access to the
platform in question, either directly by one of us, or through someone
in the community. Otherwise, we can have as many tests as we want, it
still won't test *t
And it should have a test - which has nothing to do with ASM and everything
to do with improving test coverage.
Bugs are bugs - and any form of meaningful test would have caught this.
For the majority of the ASM code - the algorithm implementations we have
tests that cover things in a decent mann
On 03/04/18 15:55, Salz, Rich wrote:
> This is one reason why keeping around old assembly code can have a cost. :(
Although in this case the code is <2 years old:
So? It's code that we do not test, and have not tested in years. And guess
what? Critical CVE.
On 03/04/18 15:55, Salz, Rich wrote:
> This is one reason why keeping around old assembly code can have a cost. :(
Although in this case the code is <2 years old:
commit e33826f01bd78af76e0135c8dfab3387927a82bb
Author: Andy Polyakov
AuthorDate: Sun May 15 17:01:15 2016 +0200
Commit: An
This is one reason why keeping around old assembly code can have a cost. :(
https://github.com/openssl/openssl/pull/5320
Andy and Tim: Still waiting for your response to my question in that PR …
--- Begin Message ---
OpenSSL bugs, TLSv1.3 latest, Cloud Crypto Logging and a free 14-day trial of