From: Kris Kennaway
To: Colin Percival
Cc: FreeBSD Current
Date: Sun, 20 May 2007 14:43:24 -0400
Subject: Re: HEADS UP: OpenSSL problems after GCC 4.2 upgrade
Message-ID: <20070520184324.GA41576@xor.obsecurity.org>
In-Reply-To: <465034CE.4060802@freebsd.org>

On Sun, May 20, 2007 at 07:45:18AM -0400, Colin Percival wrote:
> Alexander Kabaev wrote:
> > there were several reports of OpenSSL being broken when compiled with
> > GCC 4.2. It turns out OpenSSL uses function casting feature that was
> > aggressively de-supported by GCC 4.2 and GCC goes as far as inserting
> > invalid instructions ON PURPOSE to discourage the practice.
> > ...
>
> For the record (since I know several people were asking at BSDCan), this is
> a great example of why it makes sense to have libmd as well as libcrypto: A
> minimal hashing library which we maintain ourselves is far less likely to
> randomly break than a bloated^W more feature-complete library which is
> maintained outside of FreeBSD and occasionally imported onto a vendor branch.

Well that's kind of a straw man because it's not actually what I
suggested. I was advocating compiling a minimal libmd that only
compiles (from openssl sources instead of our separate libmd sources)
the same subset of the code that we currently use in libmd, without
the additional bloat of libcrypto. At least the last time I looked at
openssl this was possible, and one ends up with something very similar
to our current libmd, plus additional bug fixes.

Kris