Robin Green wrote:
On Sat, 16 Jul 2011 17:01:12 -0500, austin seipp<[email protected]> wrote:
Robin, while I understand the principle behind the secure comparison
function (to avoid a timing attack based on string length,) is there a
particular reason you need GCC to optimize at level 0? Or is it just
the fact you don't want anything happening under your nose?
It's really just paranoia about future versions of GCC or other
compilers doing some clever optimisation that makes a timing attack
possible. I think you can just remove the GCC-specific attribute.
I'm happy to prepare a Mercurial changeset myself which removes that
annotation, or to accept one from one of you. Let me know how you'd
like to proceed.
I'm counting on y'all to make sure this change doesn't reopen the timing
attack that motivated Robin's patch.
_______________________________________________
Ur mailing list
[email protected]
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
