[Cryptography] [FORGED] How programming language design can help us write secure crypto code

Bertrand Mollinier Toublet crypto-metzdowd at bmt-online.org
Sun Oct 25 00:42:09 EDT 2015


> On Oct 23, 2015, at 10:12 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> 
> Bertrand Mollinier Toublet <crypto-metzdowd at bmt-online.org> writes:
> 
>> For that matter, I have the following program:
>> 
>> [...]
>> 
>> Which is yours, but in an actually compilable form.
> 
> No it's not.  Go back to my posting and read what it says, specifically the
> fact that I point out that it uses argc to prevent the compiler from
> optimising the contents of the code away (again, hat tip to Alexander
> Cherepanov for providing the original).
> 
Huh…

$ cat test.c 
#include <stdio.h>
#include <stdlib.h>
#include <limits.h>

int main(int argc, char **argv) {
    int x = INT_MAX - argc - 1;
    int y = INT_MAX - argc - 2;
    int z;

    if (x < 0 || y < 0 ) exit(1);
    z = x + y;    /* undefined in case of overflow */
    if (z < 0){
        printf("overflow at line %d\n", __LINE__);
        exit(1);
    }
    printf("positive result is %d\n", z);
    return 0;
}

(notice the subtle difference, bringing back Peter’s original anti-optimization measure)

$ gcc --version
gcc (Debian 4.9.2-10) 4.9.2
Copyright (C) 2014 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.


$ gcc -O3 -Wall -pedantic test.c -o test
$ ./test 
positive result is -7


I stand corrected.

(my main issue earlier was not running -O3)





Also, thanks Nemo for the explanation about where in the standard this is coming from. Frankly I’m still not quite getting it, but I also see how this is not a relevant discussion for this list, so I’ll just let it be.
-- 
Bertrand
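
The check in test.c above runs after the addition, so at -O3 the compiler is entitled to assume that the sum of two non-negative ints is non-negative and to drop the `z < 0` branch. The following is an added example, not code from this thread: it tests for overflow before adding, so no undefined expression is ever evaluated. The names `checked_add` and `run` are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical helper (not from the thread): adds a and b without ever
 * evaluating an overflowing signed expression. Returns false and leaves
 * *sum untouched when the mathematical result does not fit in an int. */
static bool checked_add(int a, int b, int *sum)
{
    if (b > 0 && a > INT_MAX - b) return false;  /* would exceed INT_MAX */
    if (b < 0 && a < INT_MIN - b) return false;  /* would go below INT_MIN */
    *sum = a + b;                                /* proven in range */
    return true;
}

/* Same computation as test.c in the message, with argc passed in as n.
 * Returns 0 on success, 1 if an operand is negative, 2 on overflow. */
static int run(int n, int *z)
{
    int x = INT_MAX - n - 1;
    int y = INT_MAX - n - 2;

    if (x < 0 || y < 0) return 1;
    if (!checked_add(x, y, z)) return 2;  /* detected before the add */
    return 0;
}

int main(int argc, char **argv)
{
    int z;
    int rc;

    (void)argv;
    rc = run(argc, &z);
    if (rc == 2) {
        printf("overflow detected before the addition\n");
        return 1;
    }
    if (rc == 1) return 1;
    printf("positive result is %d\n", z);
    return 0;
}
```

Because both comparisons are made on values that are always in range, the result does not depend on the optimization level.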


