[Cryptography] How programming language design can help us write secure crypto code

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Nov 3 08:08:29 EST 2015


Nemo <nemo at self-evident.org> writes:

>Or pass the "-fwrapv" flag to GCC or Clang (
>http://stackoverflow.com/a/3679149)

This only fixes some of the brokenness.  Even if you trawl through the huge
mass of docs and figure out the full (and ever-expanding) complement of flags
you need to pass to gcc to try and undo some of the mess the compiler creates
(this currently stands at "-fwrapv -fno-strict-overflow
-fno-delete-null-pointer-checks"), you still can't fix all the issues.  For
example on any known processor that gcc generates code for, taking the 32-bit
value 0x01 and shifting it left consistently gives you 0x80000000.  However,
the spec says this is UB, so gcc can do whatever it likes with that, even
though the behaviour is completely predictable and known.

The scariest example of how crazy things can get is with time handling.  Under
MSVC, to work with time values (e.g. "will an event that occurs in ten
minutes' time fall within a given window") you use "if( currentTime + 3600 >
threshold && currentTime + 3600 < other_threshold )".  While the spec says
that this is UB, the MSVC developers recognise that being able to actually
work with time values is kinda useful, and guarantee that the above will
always work [0].

With gcc the same thing involves jumping through all manner of hoops in order
to recast anything you do in terms of difftime(), the only operation that's
allowed on time_t's.  Anything but the most trivial operations then become a
form of mental gymnastics, like working with a one instruction set computer
(OISC) whose only instruction is difftime().  Since most people aren't geared
up to think in terms of programming OISCs, who knows how many errors will be
introduced by this...

>People should either actually learn C -- it was standardized in 1989, for
>crying out loud -- or they should stick to child-friendly languages.

Can you point me to an online repository of a significant body of code you've
written?  I'd love to run it through some analysers to see what they find.  I
mean, I'm sure you write absolutely perfect, fault-free C code, but it'd be an
interesting exercise nonetheless.

Peter.

[0] OK, working with times far beyond the heat death of the universe isn't
    guaranteed.
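The three problems raised in this message (a signed-overflow check that the optimiser is free to delete, the left shift into the sign bit, and the time_t window test) each have a form that does not depend on undefined behaviour. The program below is an added example, not code from the original post or from Gutmann; it assumes a conventional two's-complement target with 32-bit int and goes slightly beyond the text by showing the overflow check written against INT_MAX/INT_MIN rather than by relying on -fwrapv. The function names and the sample time values are the example's own.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* The pattern -fwrapv is meant to rescue: it only works if a + b wraps.
 * The standard leaves signed overflow undefined, so without -fwrapv
 * gcc/clang may assume a + b cannot overflow and drop the test.
 * Kept here for comparison; do not call it with inputs that overflow. */
bool add_fits_naive(int a, int b)
{
    int sum = a + b;                 /* undefined when a + b overflows */
    return !((b > 0 && sum < a) || (b < 0 && sum > a));
}

/* Portable form: decide before adding, so the addition is never
 * evaluated when it would overflow.  No compiler flag required. */
bool add_fits(int a, int b)
{
    if (b > 0) return a <= INT_MAX - b;
    if (b < 0) return a >= INT_MIN - b;
    return true;
}

/* Checked add built on add_fits(): *out is written only on success. */
bool checked_add(int a, int b, int *out)
{
    if (!add_fits(a, b)) return false;
    *out = a + b;
    return true;
}

/* (1 << 31) on a 32-bit signed int is undefined because 2^31 is not
 * representable in int.  Shifting an unsigned 1 is fully defined and
 * yields 0x80000000 on every target, which is what the text expects. */
uint32_t top_bit(void)
{
    return UINT32_C(1) << 31;
}

/* Build a single-bit mask without ever shifting a signed value, and
 * without shifting by >= the width (also undefined). */
uint32_t bit_mask(unsigned n)
{
    return n < 32 ? UINT32_C(1) << n : 0;
}

/* "Does now + offset fall strictly inside (lo, hi)?" expressed purely
 * through difftime(), the one arithmetic operation the standard defines
 * on time_t.  now + offset > lo && now + offset < hi is rewritten as
 * (now - lo) + offset > 0 && (now - lo) + offset < (hi - lo). */
bool in_window(time_t now, double offset_sec, time_t lo, time_t hi)
{
    double from_lo = difftime(now, lo) + offset_sec;
    double span    = difftime(hi, lo);
    return from_lo > 0.0 && from_lo < span;
}

int main(void)
{
    int r = 0;
    printf("add_fits(INT_MAX, 1)      = %d\n", add_fits(INT_MAX, 1));   /* 0 */
    printf("checked_add(2, 3)         = %d, r = %d\n", checked_add(2, 3, &r), r);
    printf("top_bit()                 = 0x%08x\n", (unsigned)top_bit());
    /* constructed sample: now = 1000, window (4000, 5000), offset 3600 s */
    printf("in_window(1000,+3600,4000,5000) = %d\n",
           in_window((time_t)1000, 3600.0, (time_t)4000, (time_t)5000)); /* 1 */
    return 0;
}
```

Compiling this with -O2 and no extra flags gives the same answers as with -O0, which is the point: none of the checked paths rely on what the compiler decides to do with undefined behaviour. add_fits_naive() is left in only so the two styles can be compared side by side.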