--------- Original Message --------- Subject: In the scope of a sub-subversion maintenance bump... From: ***@rowe-clan.net Date: 10/17/14 12:15 am To: openssl-***@openssl.org
How did C 'inline' become a mandatory feature, particularly as a security release?
Researching a bit more, I see this is being 'discussed internally' (usually a symptom of a defective OSS development methodology).
So to be very specific; aix-cc additional flags; -L/usr/lib/threads -lpthreads -qansialias -qthreaded -D_THREAD_SAFE -D__VACPP_MULTI__ -D_REENTRANT threads -g It's a little hard to argue I might be using the wrong invocation of IBM XLC if 'aix-cc' remains in the Configure schema, no? In fact, I strictly invoke xlc_r, except for OpenSSL 'encouraged' deviations. Yours, Bill [I'm all for mandating C99 - but not for switching prereqs of a legacy/maintenance branch]
Post by w***@rowe-clan.net [I'm all for mandating C99 - but not for switching prereqs of a legacy/maintenance branch]
That was not our intent -- to do the switch -- and it's a bug we're working on. Thanks for the report. /r$ -- Principal Security Engineer, Akamai Technologies IM: ***@jabber.me Twitter: RichSalz
Post by w***@rowe-clan.net How did C 'inline' become a mandatory feature, particularly as a security release?
It isn't - there is no change in policy here, just a known issue with the release. "inline" is (supposed to be) used only if the compiler supports it. See: http://marc.info/?l=openssl-users&m=141349050628983&w=2
The code in question was introduced as part of security hardening work to improve the constant time behaviour of certain sections of code.
Matt ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-***@openssl.org Automated List Manager ***@openssl.org