Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add secureZeroMemory function in Phobos #9611

Open
dlangBugzillaToGithub opened this issue Jul 17, 2013 · 6 comments
Open

Add secureZeroMemory function in Phobos #9611

dlangBugzillaToGithub opened this issue Jul 17, 2013 · 6 comments
Labels
Severity:Enhancement

Comments

@dlangBugzillaToGithub
Copy link

bearophile_hugs reported this on 2013-07-17T04:30:49Z

Transfered from https://issues.dlang.org/show_bug.cgi?id=10661

CC List

Description

I propose to add to Phobos a function similar to SecureZeroMemory that the D compiler handles in a special way:

http://msdn.microsoft.com/en-us/library/windows/desktop/aa366877%28v=vs.85%29.aspx

This function acts like a memset, to zero an interval of memory. What's special of it is that the compiler never optimizes it away. So it's usable in cryptographic functions that must assure undesired information never exits the function.


As example usage in std.digest.md, a strongly optimizing D compiler like LDC2 used with link-time optimization can optimize away this zeroing:


struct MD5
{
...
        private nothrow pure void transform(const(ubyte[64])* block)
        {
...
            //Zeroize sensitive information.
            x[] = 0;
        }


That can be replaced by a call to secureZeroMemory() to ensure the desired safety. Having a standard function in Phobos, supported by the compiler makes this small feature portable across all D compilers, unlike C++ where SecureZeroMemory is just a Windows function.
@dlangBugzillaToGithub
Copy link
Author

code (@MartinNowak) commented on 2014-04-27T13:16:37Z

+1, this is essential for resilient crypto code.

@dlangBugzillaToGithub
Copy link
Author

bugzilla (@WalterBright) commented on 2014-04-27T18:47:38Z

So who wants to implement it?

@dlangBugzillaToGithub
Copy link
Author

bearophile_hugs commented on 2014-04-27T18:52:25Z

(In reply to Walter Bright from comment #2)
> So who wants to implement it?

How do you like to implement it? As a special case, or introducing some kind of generic and reusable annotation, like @keep_function that tells the D compiler to never optimize away the calls to a specific function? I don't know what other cases there are of functions that must never be removed.

@dlangBugzillaToGithub
Copy link
Author

yebblies commented on 2014-07-31T17:40:05Z

(In reply to bearophile_hugs from comment #3)
> (In reply to Walter Bright from comment #2)
> > So who wants to implement it?
> 
> How do you like to implement it? As a special case, or introducing some kind
> of generic and reusable annotation, like @keep_function that tells the D
> compiler to never optimize away the calls to a specific function? I don't
> know what other cases there are of functions that must never be removed.

volatileMemset

@dlangBugzillaToGithub
Copy link
Author

bugzilla (@WalterBright) commented on 2014-09-09T19:03:32Z

volatileMemset() should call the C memset_s() function, if that function exists.

Also, there should be a zeroRegisters() function that zeros out all the scratch registers.

@dlangBugzillaToGithub
Copy link
Author

blah38621 commented on 2014-09-09T19:12:24Z

I believe this should be in the runtime rather than phobos, primarily because 
it is very dependent on the specific architecture in use.

@LightBender LightBender removed the P4 label Dec 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Severity:Enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@LightBender @dlangBugzillaToGithub