[openssl-project] FW: April Crypto Bulletin from Cryptosense

Tim Hudson tjh at cryptsoft.com
Tue Apr 3 15:36:15 UTC 2018


And it should have a test - which has nothing to do with ASM and everything
to do with improving test coverage.

Bugs are bugs - and any form of meaningful test would have caught this.

For the majority of the ASM code - the algorithm implementations we have
tests that cover things in a decent manner.

Improving tests is the solution - not whacking ASM code. Tests will catch
issues across *all* implementations.

Tim.


On Tue, 3 Apr. 2018, 8:29 am Salz, Rich, <rsalz at akamai.com> wrote:

>
>     On 03/04/18 15:55, Salz, Rich wrote:
>     > This is one reason why keeping around old assembly code can have a
> cost. :(
>
>     Although in this case the code is <2 years old:
>
> So?  It's code that we do not test, and have not tested in years.  And
> guess what?  Critical CVE.
>
> _______________________________________________
> openssl-project mailing list
> openssl-project at openssl.org
> https://mta.openssl.org/mailman/listinfo/openssl-project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-project/attachments/20180403/492eba1b/attachment.html>


More information about the openssl-project mailing list