<html><body><p>bn/bn_prime.c<br><br><font size="2" face="Arial">static int probable_prime(BIGNUM *rnd, int bits)</font><br><font size="2" face="Arial">{</font><br><font size="2" face="Arial"> int i;</font><br><font size="2" face="Arial"> prime_t mods[NUMPRIMES]; <==========</font><br><font size="2" face="Arial"> BN_ULONG delta, maxdelta;<br></font><br><br>This one is also excessive. <br><br>The problem is that even on OS's with dynamic thread stack if you do cause a stack overrun, the entire process gets frozen, a new stack for that thread is allocated, stack copied, process restarted. <br>Sounds O.K., but if you have a 1000 threads and they all sequentially hit their guard pages performance suffers rather badly with the entire process being stalled for each thread.<br>OS's without dynamic thread stacks just crash.<br><br>And yes, 256 bytes is usually O.K., but it's overall thread stack use for the component that really needs to be audited and kept within some fixed budget.<br>Any single stack allocation > 4k is generally bad news as that's large enough to reach past the (typical) 4k guard pages.<br><br>Peter<br><br><img width="16" height="16" src="cid:1__=8FBBF418DFEA00618f9e8a93df938690918c8FB@" border="0" alt="Inactive hide details for "Salz, Rich via RT" ---24/07/2015 06:35:05 AM---How about 256 on the stack? _________________________"><font color="#424282">"Salz, Rich via RT" ---24/07/2015 06:35:05 AM---How about 256 on the stack? _______________________________________________</font><br><br><font size="2" color="#5F5F5F">From: </font><font size="2">"Salz, Rich via RT" <rt@openssl.org></font><br><font size="2" color="#5F5F5F">To: </font><font size="2">dwmw2@infradead.org</font><br><font size="2" color="#5F5F5F">Cc: </font><font size="2">openssl-dev@openssl.org</font><br><font size="2" color="#5F5F5F">Date: </font><font size="2">24/07/2015 06:35 AM</font><br><font size="2" color="#5F5F5F">Subject: </font><font size="2">Re: [openssl-dev] [openssl.org #3955] [PATCH] Reduce stack usage in PKCS7_verify()</font><br><font size="2" color="#5F5F5F">Sent by: </font><font size="2">"openssl-dev" <openssl-dev-bounces@openssl.org></font><br><hr width="100%" size="2" align="left" noshade style="color:#8091A5; "><br><br><br><tt>How about 256 on the stack?<br><br><br>_______________________________________________<br>openssl-dev mailing list<br>To unsubscribe: </tt><tt><a href="https://mta.openssl.org/mailman/listinfo/openssl-dev">https://mta.openssl.org/mailman/listinfo/openssl-dev</a></tt><tt><br><br></tt><br><br><BR>
</body></html>