[Cryptography] Heartbleed and fundamental crypto programming practices
tpb-crypto at laposte.net
Tue Apr 15 16:52:58 EDT 2014
> Message of 15/04/14 22:44
> From: "danimoth"
> To: "Crypto List"
> Cc:
> Subject: Re: [Cryptography] Heartbleed and fundamental crypto programming practices
>
> On 10/04/14 at 03:49pm, Bear wrote:
> > "Doesn't affect program output: therefore is a waste of work"
> > is the underlying assumption, correct for most software, which
> > is utterly, utterly wrong for crypto.
> >
> > In C and C++, variable locations are stable (and mostly have to
> > be because those languages use explicit pointers) but you have
> > to declare them 'volatile' to be absolutely sure that the compiler
> > will never move them (without zeroing the old location) and that
> > writes to them prior to deallocation will happen as the code
> > commands.
> >
> > In most languages, there is absolutely no standard way to be sure
> > of getting an optimizing compiler to leave final writes alone.
> [cut]
>
> If I understood correctly, all crypto software should be compiled with
> -O0 flag...
Well, it depends on what kind of attack you want to avoid; you may use -O3 if you want to reduce the chances of the recent attack on OpenSSL's ECDSA in some Intel chips' cache.
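As an added example (not code from the thread or any of its authors): the usual alternative to compiling at -O0 is to make the final write itself an observable side effect, which is what the quoted message's reference to `volatile` points at. The key-use routine below is a constructed illustration; the only real guarantee relied on is that stores through a `volatile` pointer may not be elided.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Wipe n bytes through a volatile pointer. A plain memset() on a buffer that
 * is never read again is a dead store and an optimizing compiler may drop it;
 * every store below is a side effect the compiler must emit, so the wipe
 * survives -O2/-O3. (C11 memset_s and BSD/glibc explicit_bzero exist for the
 * same purpose where available.) */
void secure_zero(void *p, size_t n) {
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n--) {
        *vp++ = 0;
    }
}

/* Returns 1 if every byte of p is zero, 0 otherwise. */
int all_zero(const uint8_t *p, size_t n) {
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) {
        acc |= p[i];
    }
    return acc == 0;
}

/* Constructed key-use routine (assumption, not from the thread). A copy of the
 * secret lives briefly in scratch, is "used", and must be gone before return.
 * Writing `memset(scratch, 0, sizeof scratch)` here is exactly the dead store
 * the thread warns about; secure_zero() is the drop-in fix. The wiped buffer
 * is copied to `leftover` only so the caller can inspect it. */
uint8_t use_key_then_wipe(const uint8_t *secret, size_t len, uint8_t *leftover) {
    uint8_t scratch[16];
    uint8_t tag = 0;
    if (len > sizeof scratch) {
        len = sizeof scratch;
    }
    memcpy(scratch, secret, len);
    for (size_t i = 0; i < len; i++) {
        tag ^= scratch[i];              /* stand-in for real key use */
    }
    secure_zero(scratch, sizeof scratch);
    memcpy(leftover, scratch, sizeof scratch);
    return tag;
}

/* Self-contained check: constructed 8-byte secret, wipe, verify nothing remains. */
int wipe_demo(void) {
    const uint8_t secret[8] = {0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80};
    uint8_t leftover[16];
    uint8_t tag = use_key_then_wipe(secret, sizeof secret, leftover);
    return (tag == 0xFF) && all_zero(leftover, sizeof leftover);
}
```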