On Sun, Jun 13, 2010 at 11:35 PM, Bernd Walter <ticso_at_cicely7.cicely.de> wrote: > Crypto code wasn't aware of this problem and this is a way more > obviuous optimization than function exchange. > And I do believe that the programmers were clever people. > Alarming, isn't it? > Maybe paranoid users might consider compiling their OS with -O0, but > I don't think this is the right way. I think that most crypto code isn't compiled with strong optimizations anyway, even when the rest of the OS or program is (or can be). After all, we do have separate compilation units... as long as you don't enable LTO, of course. Turning off strong optimizations for crypto code may seem paradoxical, but since most performance-critical routines often contain hand-optimized assembly anyway, and compiler-optimizations may be counter-productive here, the point is rather moot, usually. > It is amazing how strong the influence of optimization is and how weak > the programmers assumptions are. Indeed. That's a classic trap that trips a lot of crypto programmers in particular, and even seasoned C programmers occasionally. -cpghost. -- Cordula's Web. http://www.cordula.ws/Received on Sun Jun 13 2010 - 23:43:10 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:04 UTC