>>> Probably this "strict aliasing" 64-bit optimization bug for >>> "crypto/bn/bn_nist.c" > > What bug are you talking about? There doesn't seem to be a strict > aliasing warning in that file, and they use a union to get around > the problem. > >>> Mac OSX compiler fail test/ectest: cc [Apple LLVM version 4.2 >>> (clang-425.0.24) (based on LLVM 3.2svn)] gcc-mp-4.3 gcc-mp-4.4 gcc-mp-4.5 >>> gcc-mp-4.6 clang-mp-3.0 clang-mp-3.1 clang-mp-3.2 >>> >>> Mac OSX compiler test/ectest OK: gcc-apple-4.2 gcc-mp-4.7 gcc-mp-4.8 >>> [gcc-mp-4.8 (MacPorts gcc48 4.8-20130203_0+universal) 4.8.0 20130203 >>> (experimental)] clang-mp-2.9 clang-mp-3.3 [clang version 3.3 (trunk 173279)] > > I can at least reproduce the problem with clang 3.0.
Oh, that I managed to reproduce. http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=750398acd85a7ae220d272d28a76dff7bb269c31 works around this one. Serguei, could you test if it fixes even your problem[s]? > PS: I think at least this patch makes sense, but doesn't change anything: > --- a/crypto/bn/bn_nist.c > +++ b/crypto/bn/bn_nist.c > @@ -530,7 +530,7 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const > BIGNUM *field, > { > NIST_INT64 acc; /* accumulator */ > unsigned int *rp=(unsigned int *)r_d; > - const unsigned int *bp=(const unsigned int *)buf; > + const unsigned int *bp=(const unsigned int *)buf.ui; > > acc = rp[0]; acc -= bp[7-7]; > acc -= bp[11-7]; rp[0] = (unsigned int)acc; acc >>= > 32; The typo will be fixed as we go. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org