[Cryptography] [FORGED] Re: How programming language design can help us write secure crypto code

Rob Meijer pibara at gmail.com
Mon Oct 26 01:32:47 EDT 2015


2015-10-25 2:35 GMT+01:00 Ray Dillinger <bear at sonic.net>:

>
> I would be in favor of an extended standard for "Crypto C" such
> that all code whose behavior is specified in C would be specified
> identically in Crypto C, no new syntax or keywords would be
> introduced, and most of things that are left unspecified in the
> C standard would be either guaranteed to be compile-time errors
> or specified with an exact semantics.
>

The problem is: undefined behaviour is where compiler builders get to make
optimisation work for you. Would you be OK with, for example, having to
specify each and every variable as volatile in order to make sure your
compiler would not be able to misoptimize? Those kinds of things would be
needed for your Crypto C and I don't think they would be a price we should
be willing to pay. If you want to 'fix' it, you will need to start thinking
about a new programming language that does things like reverse the marking
burden. For example, instead of marking a variable as volatile, it would
need to be volatile by default and get a nonvolatile marker assigned to it
explicitly by the programmer to show (s)he thinks (s)he knows what (s)he is
doing. Removing undefined behaviour altogether basically removes C's edge
when you compare it to languages that come with other safety guarantees
(like memory safety or capability security), so if that is the price you
are willing to pay, then go for it all the way and find or create a
memory-safe, capability-secure and undefined-behaviour-free language for
cryptography.
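As an added example (not code from the thread or from either participant), the classic case behind this volatile discussion in C: zeroing a key after use. A plain memset on a buffer that is never read again is a dead store the optimiser may delete; writing through a volatile pointer is the "mark it yourself" burden Rob describes. The function names and key bytes below are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Dead-store version: if `buf` is never read after this call, the C
 * standard lets the optimiser delete the memset entirely (observed in
 * practice at -O2 when the buffer is a local that goes out of scope). */
void wipe_plain(unsigned char *buf, size_t len)
{
    memset(buf, 0, len);
}

/* Volatile version: each store through a volatile lvalue is an
 * observable side effect, so the compiler must emit every one of them. */
void wipe_volatile(unsigned char *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}

/* Counts non-zero bytes, reading through a volatile pointer so the check
 * itself is not folded away. 0 means the wipe took effect. */
size_t nonzero_bytes(const unsigned char *buf, size_t len)
{
    const volatile unsigned char *p = buf;
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        n += (p[i] != 0);
    return n;
}

/* Simulates a key's lifetime: fill a local key with constructed bytes,
 * "use" it (checksum), wipe it, return. In the plain variant the buffer
 * dies unread after the wipe, exactly the situation in which dead-store
 * elimination fires; the volatile variant keeps its stores. */
unsigned use_key_and_wipe(int use_volatile)
{
    unsigned char key[32];
    unsigned sum = 0;
    for (size_t i = 0; i < sizeof key; i++)
        key[i] = (unsigned char)(0xA5 ^ i);   /* constructed key material */
    for (size_t i = 0; i < sizeof key; i++)
        sum += key[i];
    if (use_volatile)
        wipe_volatile(key, sizeof key);
    else
        wipe_plain(key, sizeof key);          /* candidate for elimination */
    return sum;                               /* 5616 for these bytes */
}

/* Fills a buffer, wipes it, and reports leftover non-zero bytes. Because
 * the buffer is read back here, even the plain memset stays live; the
 * elimination only bites when nothing reads the buffer afterwards. */
size_t wipe_demo(int use_volatile)
{
    unsigned char buf[16];
    memset(buf, 0x5a, sizeof buf);
    if (use_volatile) wipe_volatile(buf, sizeof buf);
    else              wipe_plain(buf, sizeof buf);
    return nonzero_bytes(buf, sizeof buf);
}
```

Compile the two variants at -O2 and compare the generated assembly for `use_key_and_wipe`: the volatile stores survive, the memset typically does not.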
