On Wed, Jun 13, 2012 at 03:51:13AM +0400, Solar Designer wrote:
> Rich -
> 
> As discussed on IRC, here is a revision of the FreeSec crypt() code with
> greatly reduced memory requirements: 10 KB for the "shared" and "local"
> structs combined.  The original code required about 70 KB of .bss.

Thanks. Here's a _really_ quick draft, untested, of the direction I
wanted to take it with making the tables static-initialized. Note that
doing so allowed removing all of the table-creation code and most of
the existing tables. For me, it's weighing in at ~12k. I also removed
some unused code for things like keeping salt/keys between multiple
runs since the data is not preserved across multiple runs anyway, and
the lookup tables for bitshifts.

> Also, we could want to add a runtime self-test, which would detect
> possible miscompiles.

I understand your motivation for doing this with security-critical
things, but really most/all of libc is security-critical, and we can't
have runtime miscompilation tests all over the place. Moreover, the
vast majority of cases of GCC "miscompiling" something turn out to be
code that's invoking undefined behavior; the only non-UB example I've
encountered while working on musl is gcc 4.7's bad breakage, which is
so bad you can't even get programs to start...

Rich