[openssl-dev] [openssl.org #3955] [PATCH] Reduce stack usage in PKCS7_verify()
Peter Waltenberg via RT
rt at openssl.org
Thu Jul 23 22:22:08 UTC 2015
bn/bn_prime.c
static int probable_prime(BIGNUM *rnd, int bits)
{
int i;
prime_t mods[NUMPRIMES]; <==========
BN_ULONG delta, maxdelta;
This one is also excessive.
The problem is that even on OS's with dynamic thread stack if you do cause
a stack overrun, the entire process gets frozen, a new stack for that
thread is allocated, stack copied, process restarted.
Sounds O.K., but if you have a 1000 threads and they all sequentially hit
their guard pages performance suffers rather badly with the entire process
being stalled for each thread.
OS's without dynamic thread stacks just crash.
And yes, 256 bytes is usually O.K., but it's overall thread stack use for
the component that really needs to be audited and kept within some fixed
budget.
Any single stack allocation > 4k is generally bad news as that's large
enough to reach past the (typical) 4k guard pages.
Peter
From: "Salz, Rich via RT" <rt at openssl.org>
To: dwmw2 at infradead.org
Cc: openssl-dev at openssl.org
Date: 24/07/2015 06:35 AM
Subject: Re: [openssl-dev] [openssl.org #3955] [PATCH] Reduce stack
usage in PKCS7_verify()
Sent by: "openssl-dev" <openssl-dev-bounces at openssl.org>
How about 256 on the stack?
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150723/e4b80134/attachment.gif>
More information about the openssl-dev
mailing list