← Back to index | Original Bugzilla link

Bug 10661 – Add secureZeroMemory function in Phobos

Status
NEW
Severity
enhancement
Priority
P4
Component
phobos
Product
D
Version
D2
Platform
All
OS
All
Creation time
2013-07-17T04:30:49Z
Last change time
2024-12-01T16:18:21Z
Assigned to
No Owner
Creator
bearophile_hugs
Moved to GitHub: phobos#9611 →

Comments

Comment #0 by bearophile_hugs — 2013-07-17T04:30:49Z
I propose to add to Phobos a function similar to SecureZeroMemory that the D compiler handles in a special way: http://msdn.microsoft.com/en-us/library/windows/desktop/aa366877%28v=vs.85%29.aspx This function acts like a memset, to zero an interval of memory. What's special of it is that the compiler never optimizes it away. So it's usable in cryptographic functions that must assure undesired information never exits the function. As example usage in std.digest.md, a strongly optimizing D compiler like LDC2 used with link-time optimization can optimize away this zeroing: struct MD5 { ... private nothrow pure void transform(const(ubyte[64])* block) { ... //Zeroize sensitive information. x[] = 0; } That can be replaced by a call to secureZeroMemory() to ensure the desired safety. Having a standard function in Phobos, supported by the compiler makes this small feature portable across all D compilers, unlike C++ where SecureZeroMemory is just a Windows function.
Comment #1 by code — 2014-04-27T13:16:37Z
+1, this is essential for resilient crypto code.
Comment #2 by bugzilla — 2014-04-27T18:47:38Z
So who wants to implement it?
Comment #3 by bearophile_hugs — 2014-04-27T18:52:25Z
(In reply to Walter Bright from comment #2) > So who wants to implement it? How do you like to implement it? As a special case, or introducing some kind of generic and reusable annotation, like @keep_function that tells the D compiler to never optimize away the calls to a specific function? I don't know what other cases there are of functions that must never be removed.
Comment #4 by yebblies — 2014-07-31T17:40:05Z
(In reply to bearophile_hugs from comment #3) > (In reply to Walter Bright from comment #2) > > So who wants to implement it? > > How do you like to implement it? As a special case, or introducing some kind > of generic and reusable annotation, like @keep_function that tells the D > compiler to never optimize away the calls to a specific function? I don't > know what other cases there are of functions that must never be removed. volatileMemset
Comment #5 by bugzilla — 2014-09-09T19:03:32Z
volatileMemset() should call the C memset_s() function, if that function exists. Also, there should be a zeroRegisters() function that zeros out all the scratch registers.
Comment #6 by blah38621 — 2014-09-09T19:12:24Z
I believe this should be in the runtime rather than phobos, primarily because it is very dependent on the specific architecture in use.
Comment #7 by robert.schadek — 2024-12-01T16:18:21Z
THIS ISSUE HAS BEEN MOVED TO GITHUB https://github.com/dlang/phobos/issues/9611 DO NOT COMMENT HERE ANYMORE, NOBODY WILL SEE IT, THIS ISSUE HAS BEEN MOVED TO GITHUB