
Mailing List Archive: GnuPG: gcrypt

[PATCH] Replace deliberate division by zero with raise(SIGFPE).

 

 



xi.wang at gmail

Jul 14, 2012, 2:39 PM

Post #1 of 4 (265 views)
Permalink
[PATCH] Replace deliberate division by zero with raise(SIGFPE).

* mpi/mpi-pow.c (gcry_mpi_powm): Replace 1 / msize.
* mpi/mpih-div.c (_gcry_mpih_divrem): Replace 1 / dsize.

1) Division by zero doesn't "provoke a signal" on architectures
like PowerPC.

2) C compilers like clang will optimize away these divisions, even
though the code tries "to make the compiler not remove" them.
---
mpi/mpi-pow.c | 6 +++++-
mpi/mpih-div.c | 6 +++---
2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/mpi/mpi-pow.c b/mpi/mpi-pow.c
index 33bbebe..c1cd3ec 100644
--- a/mpi/mpi-pow.c
+++ b/mpi/mpi-pow.c
@@ -31,6 +31,7 @@

#include "mpi-internal.h"
#include "longlong.h"
+#include "g10lib.h"


/****************
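Review bot: the only include added here is "g10lib.h", yet the next hunk calls raise(SIGFPE), which is declared in <signal.h>. Nothing in the visible lines shows g10lib.h providing that declaration, so include <signal.h> directly in this file instead of relying on a transitive include.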
@@ -76,7 +77,10 @@ gcry_mpi_powm (gcry_mpi_t res,
ep = expo->d;

if (!msize)
- msize = 1 / msize; /* Provoke a signal. */
+ {
+ raise(SIGFPE);
+ goto leave;
+ }

if (!esize)
{
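Review bot: in the `if (!msize)` branch, raise(SIGFPE) returns whenever the application ignores SIGFPE or installs a handler that returns, and `goto leave` then hands control back to the caller with res never computed. Follow the raise with abort() or another fatal path so that a zero modulus cannot produce a silently unusable result, and keep a short comment saying why the branch exists now that "Provoke a signal" is gone.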
diff --git a/mpi/mpih-div.c b/mpi/mpih-div.c
index 224b810..dda53ad 100644
--- a/mpi/mpih-div.c
+++ b/mpi/mpih-div.c
@@ -30,6 +30,7 @@
#include <stdlib.h>
#include "mpi-internal.h"
#include "longlong.h"
+#include "g10lib.h"

#ifndef UMUL_TIME
#define UMUL_TIME 1
@@ -212,9 +213,8 @@ _gcry_mpih_divrem( mpi_ptr_t qp, mpi_size_t qextra_limbs,

switch(dsize) {
case 0:
- /* We are asked to divide by zero, so go ahead and do it! (To make
- the compiler not remove this statement, return the value.) */
- return 1 / dsize;
+ raise(SIGFPE);
+ break;

case 1:
{
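Review bot: in `case 0:` the removed line returned from the function, while the new `break` after raise(SIGFPE) falls out of the switch if the signal is ignored or its handler returns, and nothing in this hunk defines what the function then returns. Keep an explicit return or call abort() after the raise so execution cannot continue with dsize equal to zero. The deleted comment was also the only explanation of this case, so a one-line replacement should stay.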
--
1.7.9.5

On 7/15/12 4:46 AM, Xi Wang wrote:
> Hi,
>
> There are two occurrences of intentional division by zero in mpi.
> Division by zero is undefined behavior in C, and it may not work
> as intended.
>
> 1) Division by zero doesn't "provoke a signal" on architectures
> like PowerPC.
>
> 2) C compilers like clang will optimize away these divisions, even
> though the code tries "to make the compiler not remove" them.
>
> gcry_mpi_powm() at mpi/mpi-pow.c:78
>
> if (!msize)
> msize = 1 / msize; /* Provoke a signal. */
>
> _gcry_mpih_divrem() at mpi/mpih-div.c:213
>
> switch(dsize) {
> case 0:
> /* We are asked to divide by zero, so go ahead and do it! (To make
> the compiler not remove this statement, return the value.) */
> return 1 / dsize;
>
> How about using something like signal(SIGFPE) instead?
>
> - xi
>


_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel


wk at gnupg

Jul 26, 2012, 4:46 AM

Post #2 of 4 (240 views)
Permalink
Re: [PATCH] Replace deliberate division by zero with raise(SIGFPE). [In reply to]

On Sat, 14 Jul 2012 23:39, xi.wang [at] gmail said:

> 1) Division by zero doesn't "provoke a signal" on architectures
> like PowerPC.

The code dates back to 1997. I checked what GMP these days does and
this is what we should do in libgcrypt too:

1. Call a function to handle case.
2. Do a divide by zero in this function.
3. If we are still alive abort or raise a signal.


Shalom-Salam,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.




xi.wang at gmail

Jul 26, 2012, 4:13 PM

Post #3 of 4 (238 views)
Permalink
Re: [PATCH] Replace deliberate division by zero with raise(SIGFPE). [In reply to]

On Jul 26, 2012, at 7:46 PM, Werner Koch wrote:

> On Sat, 14 Jul 2012 23:39, xi.wang [at] gmail said:
>
>> 1) Division by zero doesn't "provoke a signal" on architectures
>> like PowerPC.
>
> The code dates back to 1997. I checked what GMP these days does and
> this is what we should do in libgcrypt too:
>
> 1. Call a function to handle case.
> 2. Do a divide by zero in this function.
> 3. If we are still alive abort or raise a signal.

Yeah I can make a separate function to handle the case.

JOOC, why still a division by zero in addition to raise?

- xi



wk at gnupg

Jul 27, 2012, 1:13 AM

Post #4 of 4 (238 views)
Permalink
Re: [PATCH] Replace deliberate division by zero with raise(SIGFPE). [In reply to]

On Fri, 27 Jul 2012 01:13, xi.wang [at] gmail said:

> Yeah I can make a separate function to handle the case.

This needs also to be integrated with the FIPS code.

> JOOC, why still a division by zero in addition to raise?

Because that is what it is about. We are merely computing with a higher
precision and thus we should behave similar to what operations on native
data sizes do.


Shalom-Salam,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
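The three steps listed in post #2, with the native division kept for the reason given in post #4, as an added C example that is not part of this thread and is not libgcrypt's or GMP's code. The names divide_by_zero_trap, checked_div and child_fatal_signal are assumptions; the fork wrapper is there only so the fatal signal can be observed from a surviving process.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: the name is an assumption, not a libgcrypt or GMP symbol. */
static void divide_by_zero_trap(void)
{
    /* Step 2: volatile operands force a real division at run time, so the
       compiler cannot fold or delete it. Traps on x86, not on every CPU. */
    volatile int zero = 0;
    volatile int sink = 1 / zero;
    (void)sink;
    /* Step 3: still alive, so the hardware did not trap; signal explicitly. */
    raise(SIGFPE);
    /* SIGFPE was ignored or its handler returned: never continue. */
    abort();
}

/* Step 1: the caller hands the zero-divisor case to the helper. */
static int checked_div(int num, int den)
{
    if (den == 0)
        divide_by_zero_trap();
    return num / den;
}

/* Runs checked_div(num, den) in a child process. Returns the signal that
   killed the child, 0 if it exited normally, or -1 on fork/wait failure. */
static int child_fatal_signal(int num, int den)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        (void)checked_div(num, den);
        _exit(0);
    }
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    int sig = child_fatal_signal(1, 0);
    return (sig == SIGFPE || sig == SIGABRT) ? 0 : 1;
}
```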


