Message-ID: <20111115032305.GA8310@openwall.com>
Date: Tue, 15 Nov 2011 07:23:05 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: Colin Percival <cperciva@...ebsd.org>
Subject: Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca()

On Tue, Nov 15, 2011 at 06:13:24AM +0400, Solar Designer wrote:
> 3. Maybe glibc and the SHA-crypt reference code should stop using
> alloca() in favor of having the underlying MD5, SHA-256, and SHA-512
> implementations accepting potentially unaligned buffers like e.g.
> OpenSSL's implementations do.  Unfortunately, this might have
> performance impact.

This is what FreeBSD's revision of the code does, but it still has two
alloca()s per function (the alignment-unrelated ones):

http://svnweb.freebsd.org/base/head/lib/libcrypt/

More context:

http://www.openwall.com/lists/oss-security/2011/11/15/1

Alexander
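
The alternative proposed in the quoted point 3, as an added example that is not part of the original message and is not glibc, FreeBSD or OpenSSL code: a word-oriented update routine that reads its input byte by byte, so it accepts an unaligned buffer and needs no input-sized alloca() copy for alignment. The names toy_update, load_be32 and same_result_when_misaligned, the mixing step and the sample key are all hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assemble a big-endian word byte by byte: valid at any address. */
static uint32_t load_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Hypothetical stand-in for a hash update step (NOT MD5 or SHA; only the
   access pattern matters). Stack use is constant: the only copy is the
   fixed 4-byte tail, never an alloca() sized by the caller's input. */
uint32_t toy_update(uint32_t state, const void *data, size_t len)
{
    const unsigned char *p = data;
    unsigned char tail[4] = {0, 0, 0, 0};

    while (len >= 4) {
        state = (state ^ load_be32(p)) * 0x01000193u;
        p += 4;
        len -= 4;
    }
    if (len > 0) {              /* 1..3 leftover bytes, zero padded */
        memcpy(tail, p, len);
        state = (state ^ load_be32(tail)) * 0x01000193u;
    }
    return state;
}

/* Constructed input: the same bytes at an aligned and a misaligned address. */
int same_result_when_misaligned(void)
{
    static const char key[] = "constructed sample key";
    const size_t n = sizeof(key) - 1;
    uint32_t aligned[8];
    union { uint32_t w[9]; unsigned char b[36]; } m;

    memcpy(aligned, key, n);
    memcpy(m.b + 1, key, n);    /* m.b + 1 is never 4-byte aligned */
    return toy_update(0x811c9dc5u, aligned, n) ==
           toy_update(0x811c9dc5u, m.b + 1, n);
}

int main(void)
{
    return same_result_when_misaligned() ? 0 : 1;
}
```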
