[Cryptography] Other obvious issues being ignored?

[Peter Gutmann]

Arnold Reinhold <agr at me.com> writes:

>Compilers that break security code in the name of optimization. The C
>community in particular insists that it is ok to delete potential overflows,
>even deleting assert checks,  and to ignore zeroization of data that will not
>be used again. Rather than demanding change, security programmers resort to
>subterfuge to fool the compiler, but there is no guarantee that the tricks
>employed will still work in the next release of the compiler or when ta newt
>build is done with a different optimization setting.

Have you been reading the PHC list by any chance?  (There was a thread on this
on there recently).

gcc is by far the biggest offender in this regard (although LLVM seems to be
following hard in its footsteps).  For an example of how deep the braindamage
goes, consider the following (example provided by Alexander Cherepanov):

-- Snip --

#include <stdio.h>
#include <limits.h>

int main(int argc, char **argv)
{
   /* for x * 10 to overflow let's take
      something a bit larger than INT_MAX / 10 */
   int x = INT_MAX / 10 + argc * 10;

   if (x >= 0) {
     int y = x * 10;

     if (y >= 0) {
       printf("%d\n", y);
     }
   }

   return 0;
}

-- Snip --

*Without compiling and running it*, what would you expect to see as output?
Not any specific value (the use of argc is to prevent it from being optimised
away, it has no special significance otherwise), but just a general
description of the sort of thing that would or would not be displayed.

Peter.