libcrypt/md5.c: a few statics can be auto variables; strlen("const") is silly

Will Newton will.newton at gmail.com
Wed Jun 11 15:32:35 UTC 2008


On Wed, Jun 11, 2008 at 4:22 PM, Denys Vlasenko
<vda.linux at googlemail.com> wrote:
> On Wednesday 11 June 2008 11:37, Will Newton wrote:
>> On Tue, Jun 10, 2008 at 9:49 PM, Denys Vlasenko
>> > It makes sp, ep and p variables automatic.
>> > There is no point in having them static,
>> > they never use their values retained from previous call.
>> > These are code lines where they are assigned to:
>>
>> This looks like it should be safe. Although it might be worth finding
>> the original author and asking why it is done this way, following the
>> Debian openssl incident. ;-)
>
> openssl incident? Did I miss some fun? :)

This is a fairly good summary:

http://research.swtch.com/2008/05/lessons-from-debianopenssl-fiasco.html

The general lesson being: be very careful when modifying crypto code.
Although I think the changes you proposed are safe.

btw I tested the strlen change and this code:

#include <string.h>

static const unsigned char __md5__magic[] = "$1$";

int foo(void)
{
  return strlen(__md5__magic);
}

compiles to this:

Disassembly of section .text:

00000000 <foo>:
   0:   55                      push   %ebp
   1:   89 e5                   mov    %esp,%ebp
   3:   b8 03 00 00 00          mov    $0x3,%eax
   8:   5d                      pop    %ebp
   9:   c3                      ret



More information about the uClibc mailing list