
Re: Crypto friendly optimization?

From David Brown <david.brown@hesbynett.no>
Newsgroups comp.compilers
Subject Re: Crypto friendly optimization?
Date Sun, 25 Aug 2024 12:32:42 +0200
Organization Compilers Central
Sender johnl%iecc.com
Approved comp.compilers@iecc.com
Message-ID <24-08-007@comp.compilers> (permalink)
References <24-08-003@comp.compilers>
MIME-Version 1.0
Content-Type text/plain; charset="UTF-8"
Keywords optimize
Posted-Date 25 Aug 2024 13:28:18 EDT
X-submission-address compilers@iecc.com
X-moderator-address compilers-request@iecc.com
X-FAQ-and-archives http://compilers.iecc.com
In-Reply-To <24-08-003@comp.compilers>

On 24/08/2024 23:14, John R Levine wrote:
> On a cryptography list people were complaining that compiler optimizers
> mess up their cryptographic code and make it insecure.  They try to write
> code that runs in constant time, or that erases all the temporary storage,
> but the compilers say oh, that's dead code, or oh, I can make this faster
> with a few branches and the erases go away and the constant time isn't.
>
> This 2018 paper from Cambridge discusses changes they made to Clang/LLVM
> so they could tell the compiler what they wanted it to do.  Has there been
> other work on this topic?

There are all sorts of compiler flags, extensions and attributes in gcc
that can help here for security-critical code.  I don't know the details
for clang, but I believe there is a great deal of overlap with gcc here.



<https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html#index-fhardened>

Enables a lot of security-related flags to limit attacks.



Stack scrubbing in general is useful here:

<https://gcc.gnu.org/onlinedocs/gcc/Stack-Scrubbing.html>

There are type and function attributes that give more control over stack
scrubbing.


And inline assembly can be used to control effects.

#include <string.h>

extern void get_password(char * p);
extern void use_password(const char * p);

/* The memset is the last access to password before it goes out of scope,
   so the optimizer treats it as a dead store and is free to remove it. */
void unsafe(void) {
     char password[80];

     get_password(password);
     use_password(password);
     memset(password, 0, sizeof(password));
}

/* The empty asm statement names password as an in/out memory operand ("+m"),
   so the compiler must assume the zeroed buffer is read and modified here
   and cannot drop the preceding memset. */
void safer(void) {
     char password[80];

     get_password(password);
     use_password(password);
     memset(password, 0, sizeof(password));
     __asm__ ("" : "+m" (password));
}

<https://godbolt.org/z/6vjeP8ac8>


These are, of course, compiler-specific.  But it covers gcc and clang,
and the inline assembly works for old and new versions (stack scrubbing
is a relatively new addition to the compilers).
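Generalising the barrier above to a pointer-and-length helper, as an added example that is not from the post: secure_zero uses an empty asm with a "memory" clobber instead of the "+m" operand, which is the form that works when the buffer arrives by pointer rather than as a named array. fill_secret and consume are hypothetical stand-ins for get_password and use_password, and the byte pattern they exchange is constructed for the demonstration.

```c
#include <stddef.h>
#include <string.h>

/* Erase n bytes at p and keep the stores alive past the optimizer.
 * The empty asm takes p as an input and declares a "memory" clobber, so
 * the compiler must assume the zeroed bytes are read by the asm and cannot
 * treat the memset as a dead store (GCC/Clang extended-asm extension). */
static void secure_zero(void *p, size_t n) {
    memset(p, 0, n);
    __asm__ __volatile__("" : : "r"(p) : "memory");
}

/* Count bytes that are still non-zero; used to check that erasure happened. */
static size_t count_nonzero(const unsigned char *p, size_t n) {
    size_t left = 0;
    for (size_t i = 0; i < n; i++) {
        left += (p[i] != 0);
    }
    return left;
}

/* Hypothetical stand-in for get_password: fills the buffer with a
 * constructed, non-secret pattern (every byte is non-zero). */
static void fill_secret(unsigned char *p, size_t n) {
    for (size_t i = 0; i < n; i++) {
        p[i] = (unsigned char)(0xA5 ^ i);
    }
}

/* Hypothetical stand-in for use_password: consumes the bytes through a
 * volatile sink so the fill itself is not optimised away. */
static void consume(const unsigned char *p, size_t n) {
    volatile unsigned char sink = 0;
    for (size_t i = 0; i < n; i++) {
        sink ^= p[i];
    }
    (void)sink;
}

/* Same shape as safer() above, using the reusable helper: fill a 32-byte
 * key, use it, erase the first erase_len bytes (capped at 32), and report
 * how many non-zero bytes remain. A full erase must report 0. */
size_t nonzero_after_erase(size_t erase_len) {
    unsigned char key[32];
    if (erase_len > sizeof key) erase_len = sizeof key;
    fill_secret(key, sizeof key);
    consume(key, sizeof key);
    secure_zero(key, erase_len);
    return count_nonzero(key, sizeof key);
}
```

Inspecting the generated assembly (as in the godbolt link above) shows the memset surviving at -O2 with the barrier and disappearing when the asm line is removed.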



Thread

Crypto friendly optimization? John R Levine <johnl@taugh.com> - 2024-08-24 17:14 -0400
  Re: Crypto friendly optimization? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2024-08-24 16:33 -0700
    Re: Crypto friendly optimization? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2024-08-24 20:55 -0700
    Re: Crypto friendly optimization? anton@mips.complang.tuwien.ac.at - 2024-08-25 16:06 +0000
      Re: Crypto friendly optimization? David Brown <david.brown@hesbynett.no> - 2024-08-25 21:12 +0200
      Re: Crypto friendly optimization? Philipp Klaus Krause <pkk@spth.de> - 2025-04-05 19:50 +0200
  Re: Crypto friendly optimization? Ian Lance Taylor <ianlancetaylor@gmail.com> - 2024-08-24 20:14 -0700
  Re: Crypto friendly optimization? David Brown <david.brown@hesbynett.no> - 2024-08-25 12:32 +0200
