[Cryptography] Heartbleed and fundamental crypto programming practices
Tom Mitchell
mitch at niftyegg.com
Mon Apr 14 06:29:40 EDT 2014
On Sun, Apr 13, 2014 at 11:27 PM, Bill Frantz <frantz at pwpconsult.com> wrote:
> On 4/10/14 at 8:44 PM, jays at panix.com (Jay Sulzberger) wrote:
>
> Casting to a volatile pointer is a trick that might not work on all
>>> compilers, so it should be checked with each. Even so,.
>>>
>> .....snip....
>
>> For such code one should not use a compiler which requires a
>> trick to get a fundamental routine to compile to code which does
>> the job.
>>
>> That means no standard C nor C++ compiler.
>>
>
> Assembler subroutines are your friend. Clearing memory is easy to write in
> assembler, but not very portable between architectures.
>
I would add that disassemblers and debuggers are necessary too.
Some assemblers will optimize assembly language (MIPS at SGI was one).
Less of a risk but still necessary to double check:
Check the run time link loader (link editor) for changed that it
might make to deal with known issues in the hardware.
There is also the microcode blob that some processors need.
--
T o m M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140414/7857a6be/attachment.html>
More information about the cryptography
mailing list