Re: [openssl-project] FW: April Crypto Bulletin from Cryptosense

In message <20180406170540.gk80...@mit.edu> on Fri, 6 Apr 2018 12:05:43 -0500, Benjamin Kaduk said: kaduk> On Fri, Apr 06, 2018 at 04:23:02PM +0200, Andy Polyakov wrote: kaduk> > > This is one reason why keeping around old assembly code can have a cost. :( kaduk> > > kaduk> > >

Re: [openssl-project] FW: April Crypto Bulletin from Cryptosense

On Fri, Apr 06, 2018 at 04:23:02PM +0200, Andy Polyakov wrote: > > This is one reason why keeping around old assembly code can have a cost. :( > > > > https://github.com/openssl/openssl/pull/5320 > > There is nothing I can add to what I've already said. To quote myself. > "None of what I say

Re: [openssl-project] FW: April Crypto Bulletin from Cryptosense

> This is one reason why keeping around old assembly code can have a cost. :( > > https://github.com/openssl/openssl/pull/5320 There is nothing I can add to what I've already said. To quote myself. "None of what I say means that everything *has to* be kept, but as already said, some of them

Re: [openssl-project] FW: April Crypto Bulletin from Cryptosense

I'm less concerned about that access in this specific instance - as if we had a test in place for that function then make test on the platform would have picked up the issue trivially. I don't know that we asked the reporter of the issue as to *how* it was found - that would be interesting

Re: [openssl-project] FW: April Crypto Bulletin from Cryptosense

On 03/04/18 15:55, Salz, Rich wrote: > This is one reason why keeping around old assembly code can have a cost. :( Although in this case the code is <2 years old: commit e33826f01bd78af76e0135c8dfab3387927a82bb Author: Andy Polyakov AuthorDate: Sun May 15 17:01:15 2016