> > I should have also specified that I didn't just go ahead and enable them > > because I wasn't sure if they're considered safe. I like abiding by > > OpenBSD's crypto best practices when possible. > > > > Is there any reason why they're disabled by default? > > Compiler bugs generate incorrect code for 128 bit integers.
In slightly more words, we have tried enabling this code, and found out the hard way that, when compiled by the system compiler under OpenBSD, it would generate slightly wrong code, and cause computations to be subtly wrong. Until someone spends enough time checking the various compiler versions around to check which are safe to use, and which are not, this code will remain disabled in LibreSSL. Miod
