[openssl-project] FW: April Crypto Bulletin from Cryptosense
tjh at cryptsoft.com
Tue Apr 3 15:36:15 UTC 2018
And it should have a test - which has nothing to do with ASM and everything
to do with improving test coverage.
Bugs are bugs - and any form of meaningful test would have caught this.
For the majority of the ASM code - the algorithm implementations we have
tests that cover things in a decent manner.
Improving tests is the solution - not whacking ASM code. Tests will catch
issues across *all* implementations.
On Tue, 3 Apr. 2018, 8:29 am Salz, Rich, <rsalz at akamai.com> wrote:
> On 03/04/18 15:55, Salz, Rich wrote:
> > This is one reason why keeping around old assembly code can have a
> cost. :(
> Although in this case the code is <2 years old:
> So? It's code that we do not test, and have not tested in years. And
> guess what? Critical CVE.
> openssl-project mailing list
> openssl-project at openssl.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-project