Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 20 May 2007 14:43:24 -0400
From:      Kris Kennaway <kris@obsecurity.org>
To:        Colin Percival <cperciva@freebsd.org>
Cc:        FreeBSD Current <freebsd-current@freebsd.org>
Subject:   Re: HEADS UP: OpenSSL problems after GCC 4.2 upgrade
Message-ID:  <20070520184324.GA41576@xor.obsecurity.org>
In-Reply-To: <465034CE.4060802@freebsd.org>
References:  <20070520022722.1f5a0cda@kan.dnsalias.net> <465034CE.4060802@freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, May 20, 2007 at 07:45:18AM -0400, Colin Percival wrote:
> Alexander Kabaev wrote:
> > there were several reports of OpenSSL being broken when compiled with
> > GCC 4.2. It turns out OpenSSL uses function casting feature that was
> > aggressively de-supported by GCC 4.2 and GCC goes as far as inserting
> > invalid instructions ON PURPOSE to discourage the practice.
> > ...
> 
> For the record (since I know several people were asking at BSDCan), this is
> a great example of why it makes sense to have libmd as well as libcrypto: A
> minimal hashing library which we maintain ourselves is far less likely to
> randomly break than a bloated^W more feature-complete library which is
> maintained outside of FreeBSD and occasionally imported onto a vendor branch.

Well that's kind of a straw man because it's not actually what I
suggested.  I was advocating compiling a minimal libmd that only
compiles (from openssl sources instead of our separate libmd sources)
the same subset of the code that we currently use in libmd, without
the additional bloat of libcrypto.

At least the last time I looked at openssl this was possible, and one
ends up with something very similar to our current libmd, plus
additional bug fixes.

Kris



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070520184324.GA41576>