[Cryptography] [FORGED] Re: How programming language design can help us write secure crypto code

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sat Oct 24 01:12:45 EDT 2015


Bertrand Mollinier Toublet <crypto-metzdowd at bmt-online.org> writes:

>For that matter, I have the following program:
>
>[...]
>
>Which is yours, but in an actually compilable form.

No it's not.  Go back to my posting and read what it says, specifically the
fact that I point out that it uses argc to prevent the compiler from
optimising the contents of the code away (again, hat tip to Alexander
Cherepanov for providing the original).

>I’ve seen a lot of high claims in this thread about how gcc is bent on
>shooting your foot for you, with the full might of the language standard
>behind it, but I’m not seeing it.

If you still can't see what you've done wrong in your code based on my comment
above, use gcc -S.

This does however beautifully illustrate my point.  You've got an absolutely
trivial function with a total of ten lines of code that adds two values and
prints the result, and yet it does nothing like what you think it does.  If
you can't get a+b=c right, how are coders working on 1M LOC applications
expected to deal with every single case where the compiler can break their
code?

>In other words, your (generic your, not just you, Ray) beef is not with the
>language, but with the toolchains you happen to have at your disposal.

Absolutely.  I'll note that compilers like MSVC, armcc, suncc, and IBM's xlc,
which follow exactly the same C standard that gcc does, don't break the code
in the same way that gcc does.  gcc is by far the worst compiler in terms of
code breakage.

Condensing replies to several emails to reduce bandwidth, Werner Koch
<wk at gnupg.org> writes:

>I would describe it in a mail with less hash words

Oh, trust me, that wasn't harsh words :-).  I actually thought about what
description to use before I posted it, how would you describe someone who's
made a conscious decision that their product will act in a way that breaks
other people's products, in other words that it fails to function as expected.
You can't use "negligent" because they made a conscious decision to do so, and
then applying the maxim "never attribute to malice what is adequately
explained by stupidity"...

Peter.

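The kind of breakage the thread argues over, as an added example that is not the program elided above nor Alexander Cherepanov's original: a post-hoc signed-overflow test (assumed here as the illustration) that the optimiser is entitled to delete because signed overflow is undefined, next to the well-defined pre-check, with the inputs derived from argc so nothing constant-folds away.

```c
#include <limits.h>
#include <stdio.h>

/* Naive post-hoc check. Signed overflow is undefined behaviour in C, so a
 * compiler may assume a + b never wraps and drop the comparison below
 * entirely (inspect the -O2 assembly with gcc -S to see whether it did).
 * Kept for contrast only; do not rely on it. */
int add_naive(int a, int b, int *out)
{
    int c = a + b;          /* UB when the true sum does not fit in int */
    if ((b > 0 && c < a) || (b < 0 && c > a))
        return 0;           /* the test the optimiser may remove */
    *out = c;
    return 1;
}

/* Well-defined form: decide whether the sum fits BEFORE computing it.
 * Every expression stays inside the range of int, so there is no UB for
 * the optimiser to exploit. Returns 1 and stores the sum, or 0 on overflow. */
int add_checked(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return 0;
    *out = a + b;
    return 1;
}

int main(int argc, char **argv)
{
    /* Operands come from argc, as the thread describes, so the compiler
     * cannot constant-fold the inputs and the check away at compile time. */
    int a = INT_MAX - argc + 1;   /* argc == 1 gives INT_MAX */
    int b = argc;                 /* always >= 1, so the sum cannot fit */
    int sum;
    (void)argv;

    if (add_checked(a, b, &sum))
        printf("checked: %d + %d = %d\n", a, b, sum);
    else
        printf("checked: %d + %d overflows int\n", a, b);
    return 0;
}
```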