[Cryptography] [FORGED] Re: How programming language design can help us write secure crypto code

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Oct 29 23:58:03 EDT 2015


Christian Huitema <huitema at huitema.net> writes:

>Some checkers like Prefix can check that, and complain if an integer overflow
>is possible and not checked. 

Do you mean PREfast?  That's an amazing checker, at least the newer versions
with less FPs and more meaningful diagnostics, and is getting better and
better over time:

C28020: The expression is not true at this call	
 The expression '0<=_Param_(1)&&_Param_(1)<=10' is not true at this call.	
 test.c	98

That's for a function taking as an arg an int 0...10 and passing an
unconstrained integer value to it.  And it's available even in the free
versions, which I hope was helped at least in part by my nagging about it :-).

You've also got things like a way of telling the compiler that a pointer
shouldn't be NULL, so it can warn about it, or that it may be NULL, so it can
warn about a deref without checking for NULL.

>I wonder whether the new C11 extensions enable that.

Even if they do, gcc will find a way to screw it up.  gcc has a similar
annotation to the PREfast one, __attribute__(( nonnull <arg> )).  Purely from
reading the gcc docs (so you can't compile test code with it to see what
happens, and you can't answer this if you already know what'll happen), can
someone tell me what they think this will do if applied to the following code:

/* Attribute syntax and function name corrected so this actually compiles:
   the original read 'nonnull 1' and used the reserved word 'double' as the
   function name */
__attribute__(( nonnull( 1 ) ))
int doubleValue( int *ptr )
  {
  if( ptr == NULL )
    return( -1 );
  return( *ptr * 2 );
  }

[...]
  thing = doubleValue( thingPtr );
[...]

Peter.
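An added example (not code from the post) of the nonnull question Peter raises, written from the defender's side: gcc's documentation for `nonnull` says the compiler may optimise on the assumption that the argument is never NULL (an assumption you can switch off with `-fno-delete-null-pointer-checks`), and since gcc 6 `-Wnonnull-compare` warns when a function compares one of its own nonnull parameters against NULL. So an internal `ptr == NULL` check inside an annotated function is exactly the kind of check that can be silently dropped. The function names, the wrapper layering and the `main` below are my own construction; the point is to keep the runtime validation in an unannotated boundary function and put the annotation only on the inner function that genuinely requires a valid pointer.

```c
#include <stddef.h>
#include <stdio.h>

/* The shape from the post: annotated AND self-checking.  Because of the
   attribute, gcc is entitled to treat the NULL comparison as dead code
   (see -fdelete-null-pointer-checks), and -Wnonnull-compare flags it.
   Do not rely on the check in here surviving optimisation. */
__attribute__(( nonnull( 1 ) ))
int doubleValueAnnotated( int *ptr )
  {
  if( ptr == NULL )      /* may be optimised away under the attribute */
    return( -1 );
  return( *ptr * 2 );
  }

/* Inner worker: annotated, performs no check, and must only ever be called
   with a pointer that has already been validated.  Passing a literal NULL
   to it is caught at compile time by gcc's -Wnonnull. */
__attribute__(( nonnull( 1 ) ))
static int doubleValueUnchecked( int *ptr )
  {
  return( *ptr * 2 );
  }

/* Boundary function: NOT annotated, so the compiler cannot assume anything
   about ptr and the runtime check is guaranteed to remain. */
int doubleValueChecked( int *ptr )
  {
  if( ptr == NULL )
    return( -1 );
  return( doubleValueUnchecked( ptr ) );
  }

int main( void )
  {
  int value = 21;              /* constructed sample input */
  int *maybeNull = NULL;       /* constructed: an unvalidated pointer */

  printf( "checked( &21 )  = %d\n", doubleValueChecked( &value ) );
  printf( "checked( NULL ) = %d\n", doubleValueChecked( maybeNull ) );
  printf( "annotated( &21 ) = %d\n", doubleValueAnnotated( &value ) );
  /* Deliberately not calling doubleValueAnnotated( NULL ): whether the
     in-function check still exists depends on the compiler and flags. */
  return( 0 );
  }
```

Compile with `-O2 -Wall -Wnonnull -Wnonnull-compare` to see gcc complain about the comparison in `doubleValueAnnotated` while staying silent about `doubleValueChecked`.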

