Hi, Here is a link to a blog post speaking about timing attacks.
http://rdist.root.org/2010/08/05/optimized-memcmp-leaks-useful-timing-differences/ It describes various memcmp() implementations of some OSes. FreeBSD is mentionned at the end of the post and it warns about the fact that gcc uses its own builtin memcmp() function when optimization (from O1 to O3) is set. Unfortunately the gcc builtin memcmp() seems less optimized (at least for i386 and amd64) than the FreeBSD memcmp() implementation (found in libc). I wonder if you know about that and if it could be a good thing to remove this feature during buildworld (through -fno-builtin or anything else) ? clem1~> cat memcmp.c int main(int ac, char **av){return memcmp("abcd", av[0], 4);} clem1~> gcc -O0 -S memcmp.c && cat memcmp.s (...) call memcmp (...) clem1~> gcc -O1 -S memcmp.c && cat memcmp.s (...) movl $4, %ecx cld repz cmpsb seta %al setb %dl subb %dl, %al movsbl %al,%eax (...) Cheers, -- Clement LECIGNE, « Hardly surprising. Apple. They build crap and make you pay extra. » _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
