libcrypt/md5.c: a few statics can be auto variables; strlen("const") is silly
Will Newton
will.newton at gmail.com
Wed Jun 11 15:32:35 UTC 2008
On Wed, Jun 11, 2008 at 4:22 PM, Denys Vlasenko
<vda.linux at googlemail.com> wrote:
> On Wednesday 11 June 2008 11:37, Will Newton wrote:
>> On Tue, Jun 10, 2008 at 9:49 PM, Denys Vlasenko
>> > It makes sp, ep and p variables automatic.
>> > There is no point in having them static,
>> > they never use their values retained from previous call.
>> > These are code lines where they are assigned to:
>>
>> This looks like it should be safe. Although it might be worth finding
>> the original author and asking why it is done this way, following the
>> Debian openssl incident. ;-)
>
> openssl incident? Did I miss some fun? :)
This is a fairly good summary:
http://research.swtch.com/2008/05/lessons-from-debianopenssl-fiasco.html
The general lesson being: be very careful when modifying crypto code.
Although I think the changes you proposed are safe.
btw I tested the strlen change and this code:
#include <string.h>
static const unsigned char __md5__magic[] = "$1$";
int foo(void)
{
return strlen(__md5__magic);
}
compiles to this:
Disassembly of section .text:
00000000 <foo>:
0: 55 push %ebp
1: 89 e5 mov %esp,%ebp
3: b8 03 00 00 00 mov $0x3,%eax
8: 5d pop %ebp
9: c3 ret
More information about the uClibc
mailing list