dlangBugzillaToGithub / migration_test


Add secureZeroMemory function in Phobos #443

Open dlangBugzillaToGithub opened 11 years ago

dlangBugzillaToGithub commented 11 years ago

bearophile_hugs reported this on 2013-07-17T04:30:49Z

Transferred from https://issues.dlang.org/show_bug.cgi?id=10661

Description

I propose to add to Phobos a function similar to SecureZeroMemory that the D compiler handles in a special way:

http://msdn.microsoft.com/en-us/library/windows/desktop/aa366877%28v=vs.85%29.aspx

This function acts like a memset, to zero an interval of memory. What's special about it is that the compiler never optimizes it away. So it's usable in cryptographic functions that must assure undesired information never exits the function.

As an example usage in std.digest.md, a strongly optimizing D compiler like LDC2 used with link-time optimization can optimize away this zeroing:

struct MD5
{
    ...
    private nothrow pure void transform(const(ubyte[64])* block)
    {
        ...
        //Zeroize sensitive information.
        x[] = 0;
    }

That can be replaced by a call to secureZeroMemory() to ensure the desired safety. Having a standard function in Phobos, supported by the compiler, makes this small feature portable across all D compilers, unlike C++ where SecureZeroMemory is just a Windows function.
dlangBugzillaToGithub commented 10 years ago

code commented on 2014-04-27T13:16:37Z

+1, this is essential for resilient crypto code.
dlangBugzillaToGithub commented 10 years ago

bugzilla commented on 2014-04-27T18:47:38Z

So who wants to implement it?
dlangBugzillaToGithub commented 10 years ago

bearophile_hugs commented on 2014-04-27T18:52:25Z

(In reply to Walter Bright from comment #2)
> So who wants to implement it?

How would you like to implement it? As a special case, or introducing some kind of generic and reusable annotation, like @keep_function that tells the D compiler to never optimize away the calls to a specific function? I don't know what other cases there are of functions that must never be removed.
dlangBugzillaToGithub commented 10 years ago

yebblies commented on 2014-07-31T17:40:05Z

(In reply to bearophile_hugs from comment #3)
> (In reply to Walter Bright from comment #2)
> > So who wants to implement it?
> 
> How would you like to implement it? As a special case, or introducing some kind
> of generic and reusable annotation, like @keep_function that tells the D
> compiler to never optimize away the calls to a specific function? I don't
> know what other cases there are of functions that must never be removed.

volatileMemset
dlangBugzillaToGithub commented 10 years ago

bugzilla commented on 2014-09-09T19:03:32Z

volatileMemset() should call the C memset_s() function, if that function exists.

Also, there should be a zeroRegisters() function that zeros out all the scratch registers.
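
The dead-store problem from the description and the memset_s() suggestion in the comment above, sketched in C as an added example (not code from Phobos, druntime or any commenter). The names secure_zero, mix and transform_*, and the toy mixing step standing in for MD5's transform, are assumptions made for illustration.

```c
/* Added illustration; secure_zero, mix and transform_* are hypothetical names. */
#define __STDC_WANT_LIB_EXT1__ 1        /* request C11 Annex K (memset_s) if offered */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Zero n bytes so that the write survives optimization. */
void secure_zero(void *p, size_t n)
{
#ifdef __STDC_LIB_EXT1__
    memset_s(p, n, 0, n);               /* Annex K: the stores must be performed */
#else
    volatile unsigned char *vp = p;     /* fallback: mainstream compilers keep volatile stores */
    while (n--) *vp++ = 0;
#endif
}

/* Constructed stand-in for MD5's transform(): fold 16 words into the state. */
static uint32_t mix(uint32_t state, const uint32_t x[16])
{
    for (int i = 0; i < 16; i++) state = ((state << 5) | (state >> 27)) ^ x[i];
    return state;
}

/* Weak form: x is never read after the memset, so the call is a dead store
   that an optimizing compiler is allowed to delete. */
uint32_t transform_weak(uint32_t state, const unsigned char block[64])
{
    uint32_t x[16];
    memcpy(x, block, sizeof x);         /* sensitive words now live on the stack */
    state = mix(state, x);
    memset(x, 0, sizeof x);             /* may be optimized away */
    return state;
}

/* Hardened form: same result, but the wipe of x is kept by the compiler. */
uint32_t transform_hardened(uint32_t state, const unsigned char block[64])
{
    uint32_t x[16];
    memcpy(x, block, sizeof x);
    state = mix(state, x);
    secure_zero(x, sizeof x);           /* wipe is kept */
    return state;
}
```

Comparing the optimized assembly of the two transform functions (for example at -O2) shows whether the plain memset was kept for a given compiler and flag set. This wipes memory only; copies of the data left in registers are the separate concern raised in the comment above.
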
dlangBugzillaToGithub commented 10 years ago

blah38621 commented on 2014-09-09T19:12:24Z

I believe this should be in the runtime rather than Phobos, primarily because it is very dependent on the specific architecture in use.