[Cryptography] Something that's bothering me about the heartbleed discussion.....

Viktor Dukhovni cryptography at dukhovni.org
Sat Apr 19 00:23:51 EDT 2014


On Fri, Apr 18, 2014 at 07:46:08PM -0700, Tom Mitchell wrote:

> In this case of buffer *flow errors most could be
> minimized with calloc() and freez(free_after_zeroing).
> 
> And sure freez() is not a standard function....
> realloc() could leak info so a reallocz() makes sense.
> what else needs attention.

Tales from the culture wars:

Postfix 2.11 added support for LMDB databases.  It took Wietse and
me considerable effort (45 email messages in the thread over 16
days) to convince the LMDB author to not leak uninitialized heap
memory into the LMDB database file in the name of performance.

Ultimately, measurement of the performance impact of initializing
new database pages before writing them to disk was reported:

    I've been profiling the code the past few days. In the ideal
    case (all data items smaller than 1 page, since single-page
    mallocs are reused and only pay the memset cost once) the perf
    difference is unmeasurable. It looks like for the worst case
    data size, the additional memset is costing a 7% performance
    drop on my machine. This is using a data record slightly larger
    than one page, which forces the DB to allocate 2 pages and
    fully initialize the 2nd page for every record. For any data
    sizes larger than that the performance loss will be smaller
    than 7%.

It took two weeks of good-cop, bad-cop persuasion and many different
formulations of the problem to get from "all databases make this
same optimization", to "OK, it costs little and makes sense".

LMDB is now safer by default, though IIRC it still allows users to
set a flag that turns off the memory initialization.

Vigilance can be exhausting.

-- 
	Viktor.
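
An added example (not part of the original message, and not LMDB or Postfix code) of the leak described above: a page buffer reused from an earlier allocation is written out whole with only a short record filled in. The one-slot page cache, the function names and the sample secret are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PAGE_SIZE 4096

/* Constructed sample data: what an earlier user of the buffer left behind. */
static const char SECRET[] = "CONSTRUCTED-SECRET: earlier heap contents";
static const char RECORD[] = "key=value";

/* One-slot cache standing in for an allocator that reuses freed pages. */
static unsigned char *spare_page;

/* Get a page buffer; zero_init models the "initialize new pages" policy. */
static unsigned char *page_get(int zero_init)
{
    unsigned char *p = spare_page;
    spare_page = NULL;
    if (p == NULL && (p = malloc(PAGE_SIZE)) == NULL)
        abort();
    if (zero_init)
        memset(p, 0, PAGE_SIZE);
    return p;
}

static void page_put(unsigned char *p) { free(spare_page); spare_page = p; }

/* Count non-zero bytes after the record: stale heap content that would
 * reach the database file when the full page is written to disk. */
static size_t stale_bytes_on_disk(int zero_init)
{
    size_t i, stale = 0;
    unsigned char *p = page_get(1);          /* earlier, unrelated use */
    memcpy(p + 100, SECRET, sizeof SECRET);
    page_put(p);

    p = page_get(zero_init);                 /* new database page */
    memcpy(p, RECORD, sizeof RECORD);        /* record fills 10 bytes only */
    for (i = sizeof RECORD; i < PAGE_SIZE; i++)
        stale += (p[i] != 0);
    page_put(p);
    return stale;
}

int main(void)
{
    printf("no init:   %zu stale bytes\n", stale_bytes_on_disk(0));
    printf("zero init: %zu stale bytes\n", stale_bytes_on_disk(1));
    return 0;
}
```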

