From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with archive (Exim 4.43)
	id 1N7w4w-0002RD-He
	for mharc-grub-devel@gnu.org; Tue, 10 Nov 2009 14:08:34 -0500
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1N7w4u-0002Qc-TE
	for grub-devel@gnu.org; Tue, 10 Nov 2009 14:08:32 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1N7w4p-0002OS-Q4
	for grub-devel@gnu.org; Tue, 10 Nov 2009 14:08:32 -0500
Received: from [199.232.76.173] (port=37161 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1N7w4p-0002OL-Jx
	for grub-devel@gnu.org; Tue, 10 Nov 2009 14:08:27 -0500
Received: from mail-bw0-f215.google.com ([209.85.218.215]:36679)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <phcoder@gmail.com>) id 1N7w4o-0006fy-VU
	for grub-devel@gnu.org; Tue, 10 Nov 2009 14:08:27 -0500
Received: by bwz7 with SMTP id 7so360838bwz.26
	for <grub-devel@gnu.org>; Tue, 10 Nov 2009 11:08:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:message-id:date:from
	:user-agent:mime-version:to:subject:references:in-reply-to
	:x-enigmail-version:content-type;
	bh=t3fkqYBqe6J8qYOkLYJoSjPFmhop1kMtuZZYV38G/aA=;
	b=JoBCEoDXIlfIG8W7ZdYioGpC4zqkvc9EQ8ykRtViWHE5Y+j9WKIlLwMbdwhX7+CNE1
	hXJkRF5TB6r9BW0526v6Ka+FKobWMbDQgLHRetKbN4fMLIRhPO4wahZ0KocTGaupk+y1
	IL8lPTTnEVWazBgjixuawezs8WzBnI5BnPyX4=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=message-id:date:from:user-agent:mime-version:to:subject:references
	:in-reply-to:x-enigmail-version:content-type;
	b=Oj7yW/EMOSnfq0XcCT9FFD9f9JsMEbkX6yyvfoYonD4MwvcqABrlWgkLRWpi5SaPHO
	RB2wO3cHV2i3FGPhWpfq/R3U4D4sOUfYW5fxEZq3XXAPV50RCPoRdUbNeslEP0Qr9cz2
	JV3J0e2h7EHEiDBnDi7kR86hSdvNKIUpinEv0=
Received: by 10.204.7.195 with SMTP id e3mr473125bke.118.1257880105021;
	Tue, 10 Nov 2009 11:08:25 -0800 (PST)
Received: from debian.bg45.phnet (vpn-global-118-dhcp.ethz.ch
	[129.132.211.118])
	by mx.google.com with ESMTPS id h2sm1561080fkh.36.2009.11.10.11.08.22
	(version=TLSv1/SSLv3 cipher=RC4-MD5);
	Tue, 10 Nov 2009 11:08:23 -0800 (PST)
Message-ID: <4AF9B88E.6020507@gmail.com>
Date: Tue, 10 Nov 2009 20:01:34 +0100
From: Vladimir 'phcoder' Serbinenko <phcoder@gmail.com>
User-Agent: Mozilla-Thunderbird 2.0.0.22 (X11/20091109)
MIME-Version: 1.0
To: The development of GNU GRUB <grub-devel@gnu.org>
References: <20091109010422.GA23417@thorin>	<4AF885EE.7000709@duboucher.eu>	<4AF88AEF.8010102@gmail.com>	<ca0f59980911092139j243ea3a0r84981345010051cf@mail.gmail.com>	<ca0f59980911100028g696e1067n4a16f24d03e10d05@mail.gmail.com>	<ca0f59980911100046s39ca6a90ta69c686f2466d444@mail.gmail.com>	<ca0f59980911100052l366af89eje38b4fd86ad7febd@mail.gmail.com>	<ca0f59980911100105tc4f2acau4ef52f62600230d@mail.gmail.com>	<ca0f59980911100437w7b6f8bcdi5519bf199496be7d@mail.gmail.com>	<4AF977DD.5090801@duboucher.eu>	<ca0f59980911100647l5349f861g28bcc4d1df864948@mail.gmail.com>
	<4AF9A638.7090503@duboucher.eu>
In-Reply-To: <4AF9A638.7090503@duboucher.eu>
X-Enigmail-Version: 0.95.0
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature";
	boundary="------------enig9A791F8F7BA0C12F946D0A3E"
X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 2)
Subject: Re: Imminent bugfix release (1.97.1)
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: The development of GNU GRUB <grub-devel@gnu.org>
List-Id: The development of GNU GRUB <grub-devel.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/grub-devel>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Nov 2009 19:08:33 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig9A791F8F7BA0C12F946D0A3E
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Duboucher Thomas wrote:
> Bean a =C3=A9crit :
> > Hi,
>
> > My previous function ensures that execution time is the same
> > regardless of the input. Although it's not necessary, I guess it's a
> > nice feature to have. BTW, the simpler function does leak one
> > information, the size of buffer as the execution time would increase
> > until the buffer size is reached.
>
>
>     Hi,
>
>     Yes, constant time of execution _is_ a constraint of this function.=

> However, I don't think that giving access to the size of the buffer is =
a
> leak per se, the source code of Grub being available for everyone; We
> only need not to leak more informations than already available.
>
Yes. No security analysis can assume attacker doesn't have the source cod=
e
>     Thomas.

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel



--=20
Regards
Vladimir 'phcoder' Serbinenko



--------------enig9A791F8F7BA0C12F946D0A3E
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iF4EAREKAAYFAkr5uJ0ACgkQNak7dOguQgldsQD/cXNw6eC8issBEWAOCGfFHMih
syKceEkNHY+30kEpa04BAJXqD9XaGWiDBOPjzPpqGnYYmW/aAW+Qzo9408dlWCi5
=tYcU
-----END PGP SIGNATURE-----

--------------enig9A791F8F7BA0C12F946D0A3E--