Date: Tue, 15 Nov 2011 07:23:05 +0400 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Cc: Colin Percival <cperciva@...ebsd.org> Subject: Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() On Tue, Nov 15, 2011 at 06:13:24AM +0400, Solar Designer wrote: > 3. Maybe glibc and the SHA-crypt reference code should stop using > alloca() in favor of having the underlying MD5, SHA-256, and SHA-512 > implementations accepting potentially unaligned buffers like e.g. > OpenSSL's implementations do. Unfortunately, this might have > performance impact. This is what FreeBSD's revision of the code does, but it still has two alloca()s per function (the alignment-unrelated ones): http://svnweb.freebsd.org/base/head/lib/libcrypt/ More context: http://www.openwall.com/lists/oss-security/2011/11/15/1 Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.