In the scope of a sub-subversion maintenance bump...

In the scope of a sub-subversion maintenance bump...

wrowe
How did C 'inline' become a mandatory feature, particularly as a security release?

RE: In the scope of a sub-subversion maintenance bump...

wrowe
--------- Original Message ---------
Subject: In the scope of a sub-subversion maintenance bump...
From: [hidden email]
Date: 10/17/14 12:15 am
To: [hidden email]

How did C 'inline' become a mandatory feature, particularly as a security release?
 
Researching a bit more, I see this is being 'discussed internally' (usually a symptom of a defective OSS development methodology).
 
So to be very specific;

aix-cc

additional flags; -L/usr/lib/threads -lpthreads -qansialias -qthreaded -D_THREAD_SAFE -D__VACPP_MULTI__ -D_REENTRANT threads -g

It's a little hard to argue I might be using the wrong invocation of IBM XLC if 'aix-cc' remains in the Configure schema, no?  In fact, I strictly invoke xlc_r, except for OpenSSL 'encouraged' deviations.

Yours,

Bill

[I'm all for mandating C99 - but not for switching prereqs of a legacy/maintenance branch]


RE: In the scope of a sub-subversion maintenance bump...

Salz, Rich
> [I'm all for mandating C99 - but not for switching prereqs of a legacy/maintenance branch]

That was not our intent -- to do the switch -- and it's a bug we're working on.  Thanks for the report.
        /r$
--  
Principal Security Engineer, Akamai Technologies
IM: [hidden email] Twitter: RichSalz


Re: In the scope of a sub-subversion maintenance bump...

Matt Caswell-2
In reply to this post by wrowe
On 17/10/14 06:15, [hidden email] wrote:
> How did C 'inline' become a mandatory feature, particularly as a
> security release?

It isn't - there is no change in policy here, just a known issue with
the release. "inline" is (supposed to be) used only if the compiler
supports it. See:
http://marc.info/?l=openssl-users&m=141349050628983&w=2

The code in question was introduced as part of security hardening work
to improve the constant time behaviour of certain sections of code.

Matt
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
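
Matt Caswell's reply above makes two points: `inline` is meant to be used only where the compiler supports it, and the code in question exists to improve constant-time behaviour. The sketch below is an added example, not OpenSSL's code and not part of the thread, showing how the two fit together in a helper that still builds on a C89-only compiler. The macro `CT_INLINE` and the `ct_*` function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* CT_INLINE (hypothetical name): use an inline keyword only where one is known to exist. */
#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L
# define CT_INLINE inline
#elif defined(__GNUC__)
# define CT_INLINE __inline__
#elif defined(_MSC_VER)
# define CT_INLINE __inline
#else
# define CT_INLINE /* unknown or C89-only compiler: plain static function */
#endif

/* All-ones if the top bit of a is set, else zero. */
static CT_INLINE unsigned int ct_msb(unsigned int a)
{
    return 0u - (a >> (sizeof(a) * 8 - 1));
}

/* All-ones if a == 0, else zero; no data-dependent branch. */
static CT_INLINE unsigned int ct_is_zero(unsigned int a)
{
    return ct_msb(~a & (a - 1u));
}

/* Returns a when mask is all-ones, b when mask is zero. */
static CT_INLINE unsigned int ct_select(unsigned int mask, unsigned int a, unsigned int b)
{
    return (mask & a) | (~mask & b);
}

/* 1 if the buffers match, 0 otherwise; every byte is always read. */
int ct_mem_equal(const unsigned char *x, const unsigned char *y, size_t len)
{
    unsigned int diff = 0;
    size_t i;
    for (i = 0; i < len; i++)
        diff |= (unsigned int)(x[i] ^ y[i]);
    return (int)ct_select(ct_is_zero(diff), 1u, 0u);
}

int main(void)
{
    /* Constructed sample values, differing only in the last byte. */
    const unsigned char tag_a[4] = { 0xde, 0xad, 0xbe, 0xef };
    const unsigned char tag_b[4] = { 0xde, 0xad, 0xbe, 0xee };
    printf("%d %d\n", ct_mem_equal(tag_a, tag_a, 4), ct_mem_equal(tag_a, tag_b, 4));
    return 0;
}
```

Dropping the keyword in the fallback branch changes only whether the compiler is asked to inline; the branch-free arithmetic is what keeps the comparison independent of the data.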