[Cryptography] Heartbleed and fundamental crypto programming practices

Jerry Leichter leichter at lrw.com
Sun Apr 27 12:14:23 EDT 2014


On Apr 27, 2014, at 10:30 AM, ianG <iang at iang.org> wrote:
>> You want a generator to do this for you or you, or some successor, will eventually get it wrong.
> I think if one is working in a big team then one might want that.
> Successor is a good word.
> 
> If one is paranoid then one prefers to do it oneself...  Paranoia lives
> forever, succession isn't an issue.

I'm actually perfectly happy to use the C/C++ pre-processor for this kind of stuff.  I know there are people who recoil in horror at the notion of macros, much less macros that assume that they are in an environment where certain names mean certain things.  Tough.  If I have 100 entry points that all have the same first three parameters, I have no problem insisting that they be named the same in all 100.  I'm willing to go so far as to have a FOO_ENTRY macro that generates the entry point, inserting the fixed parameters.  (Well, you end up needing a DECLARE_FOO_ENTRY and a DEFINE_FOO_ENTRY.)

Yes, this requires very careful programming and testing, but you get exactly the code you want - you can actually look at it easily if you care - and you only have to get it right *once*.  Lisp programmers have no problem with this kind of thing (though they have an immensely better macro expander available to them).

Frankly, some of the C++ metaprogramming hackery does much the same thing - but in a way that's often even more opaque.
                                                        -- Jerry
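
The DECLARE_FOO_ENTRY / DEFINE_FOO_ENTRY pattern described in the message above, as an added C example that is not part of the original post. The context type, the parameter names `ctx`, `in` and `in_len`, the two entry points and the `FOO_ENTRY_GUARD` check are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical context type; every name below is constructed for this example. */
typedef struct foo_ctx { size_t max_len; } foo_ctx;

/* The three fixed parameters, spelled once and named the same everywhere. */
#define FOO_FIXED_PARAMS foo_ctx *ctx, const uint8_t *in, size_t in_len

/* Header side and source side; both insert the fixed parameters first.
   Each entry point supplies at least one extra parameter of its own. */
#define DECLARE_FOO_ENTRY(name, ...) int name(FOO_FIXED_PARAMS, __VA_ARGS__)
#define DEFINE_FOO_ENTRY(name, ...)  int name(FOO_FIXED_PARAMS, __VA_ARGS__)

/* A macro that assumes the names ctx/in/in_len are in scope: one shared
   precondition check (an assumption of this example), written once. */
#define FOO_ENTRY_GUARD() \
    do { if (!ctx || !in || in_len > ctx->max_len) return -1; } while (0)

/* What would live in the header. */
DECLARE_FOO_ENTRY(foo_echo, uint8_t *out, size_t claimed);
DECLARE_FOO_ENTRY(foo_sum, uint32_t *sum);

/* Copies back `claimed` bytes of the input, refusing a claimed length
   larger than the number of bytes actually received. */
DEFINE_FOO_ENTRY(foo_echo, uint8_t *out, size_t claimed)
{
    FOO_ENTRY_GUARD();
    if (!out || claimed > in_len) return -1;
    memcpy(out, in, claimed);
    return 0;
}

/* Sums the input bytes; same fixed parameters, same guard. */
DEFINE_FOO_ENTRY(foo_sum, uint32_t *sum)
{
    FOO_ENTRY_GUARD();
    if (!sum) return -1;
    uint32_t acc = 0;
    for (size_t i = 0; i < in_len; i++) acc += in[i];
    *sum = acc;
    return 0;
}
```

Running the file through the preprocessor alone (`cc -E`) shows the exact prototypes the macros generate.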