Re: Crypto friendly optimization?

From Keith Thompson <Keith.S.Thompson+u@gmail.com>
Newsgroups comp.compilers
Subject Re: Crypto friendly optimization?
Date 2024-08-24 16:33 -0700
Organization Compilers Central
Message-ID <24-08-004@comp.compilers> (permalink)
References <24-08-003@comp.compilers>


John R Levine <johnl@taugh.com> writes:
> On a cryptography list people were complaining that compiler optimizers
> mess up their cryptographic code and make it insecure.  They try to write
> code that runs in constant time, or that erases all the temporary storage,
> but the compilers say oh, that's dead code, or oh, I can make this faster
> with a few branches and the erases go away and the constant time isn't.
>
> This 2018 paper from Cambridge discusses changes they made to Clang/LLVM
> so they could tell the compiler what they wanted it to do.  Has there been
> other work on this topic?
>
C23 will add the memset_explicit() function:

    The memset_explicit function copies the value of c (converted to an
    unsigned char) into each of the first n characters of the object
    pointed to by s. The purpose of this function is to make sensitive
    information stored in the object inaccessible.

I'm not aware of any current implementations that support it.

--
Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
void Void(void) { Void(); } /* The recursive call of the void */

[C11 has memset_s() which seems more or less the same thing.

I put the wrong link in the previous message.  The paper is
here: https://ieeexplore.ieee.org/document/8406587 -John]
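
An added example, not part of the original post or of any project it mentions: a fallback wipe for toolchains that lack memset_explicit(), taking the same s, c, n as the description quoted above. The names secure_wipe and use_and_wipe_key and the key bytes are constructed for illustration; the volatile-store technique is common practice, not a guarantee from the C standard.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper (name is an assumption): writes c, converted to
 * unsigned char, into the first n bytes at s, in a way optimizers keep. */
static void *secure_wipe(void *s, int c, size_t n)
{
    /* Stores through a volatile-qualified lvalue are treated as observable
     * by mainstream compilers, so dead-store elimination leaves them alone. */
    volatile unsigned char *p = (volatile unsigned char *)s;
    while (n--)
        *p++ = (unsigned char)c;
#if defined(__GNUC__)
    /* GCC/Clang compiler barrier: the memory at s must be assumed live. */
    __asm__ __volatile__("" : : "r"(s) : "memory");
#endif
    return s;
}

/* Constructed stand-in for key handling: fill a stack buffer, use it,
 * wipe it. Returns how many non-zero bytes remain after the wipe. */
static size_t use_and_wipe_key(unsigned *checksum_out)
{
    unsigned char key[32];
    unsigned sum = 0;
    size_t i, leftover = 0;

    for (i = 0; i < sizeof key; i++) {
        key[i] = (unsigned char)(0xA5u ^ i);   /* constructed sample bytes */
        sum += key[i];                         /* "use" of the secret */
    }
    *checksum_out = sum;

    /* In real code nothing reads key after this point, so a plain
     * memset(key, 0, sizeof key) would be a dead store the optimizer
     * may delete. The volatile wipe is emitted regardless. */
    secure_wipe(key, 0, sizeof key);

    /* Demonstration only: confirm the buffer is cleared. */
    for (i = 0; i < sizeof key; i++)
        leftover += (key[i] != 0);
    return leftover;
}

int main(void)
{
    unsigned sum = 0;
    size_t left = use_and_wipe_key(&sum);
    printf("checksum=%u leftover=%zu\n", sum, left);
    return left != 0;
}
```

Comparing the optimized assembly of this function with a variant that uses plain memset() in a build where the buffer is not read afterwards shows whether the compiler kept the stores.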

Thread

Crypto friendly optimization? John R Levine <johnl@taugh.com> - 2024-08-24 17:14 -0400
  Re: Crypto friendly optimization? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2024-08-24 16:33 -0700
    Re: Crypto friendly optimization? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2024-08-24 20:55 -0700
    Re: Crypto friendly optimization? anton@mips.complang.tuwien.ac.at - 2024-08-25 16:06 +0000
      Re: Crypto friendly optimization? David Brown <david.brown@hesbynett.no> - 2024-08-25 21:12 +0200
      Re: Crypto friendly optimization? Philipp Klaus Krause <pkk@spth.de> - 2025-04-05 19:50 +0200
  Re: Crypto friendly optimization? Ian Lance Taylor <ianlancetaylor@gmail.com> - 2024-08-24 20:14 -0700
  Re: Crypto friendly optimization? David Brown <david.brown@hesbynett.no> - 2024-08-25 12:32 +0200
