#38 SyZero and crypto

Closed
opened 3 years ago by devnexen · 12 comments
devnexen commented 3 years ago
Collaborator

More a question actually ... it is used as well to clear the MD5 context.
Would be interesting to know if SyZero can possibly be optimised by aggressive compiler optimisation, thus not guaranteeing it. In other hash algo implementations memset was used before, but then SecureZero* or explicit_bzero replaced these.
That is something I did myself for PHP; I implemented explicit_bzero for musl for the next release for this kind of purpose too.

devnexen added the question label 3 years ago
likoski commented 3 years ago
Owner

Could you tell us something more about this?

devnexen commented 3 years ago
Poster
Collaborator

In fact SecureZero* functions from the Win32 API and explicit_bzero/explicit_memset (NetBSD flavour, if I recall) had been created to guarantee the address is genuinely cleared regardless of the compiler optimisation used by the code consumer (basically either adding a memory barrier like musl, or particular compiler settings different from the rest of the libc like OpenBSD does, for example ...).
Do not know if I am clear enough though :-)

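The barrier approach described in the comment above, as an added example (not PH7 or Aer code): a SyZero-style byte loop next to a zeroing routine hardened the way musl's explicit_bzero is, applied to a hypothetical hash context; it assumes GCC or Clang for the inline asm syntax.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Plain byte loop, what SyZero does minus its 4x unrolling (which trades code
 * size for speed and is not a barrier). Nothing forces the compiler to keep
 * stores into memory that is never read again; it may drop them as dead stores. */
static void plain_zero(void *p, size_t n)
{
    unsigned char *zSrc = p, *zEnd = zSrc + n;
    while (zSrc < zEnd) {
        *zSrc++ = 0;
    }
}

/* Hardened variant in the style of musl's explicit_bzero (GCC/Clang
 * syntax): the empty asm takes the buffer address as an input and declares
 * a memory clobber, so the compiler must assume the zeroed bytes are
 * observed and cannot drop the memset. */
static void secure_zero(void *p, size_t n)
{
    memset(p, 0, n);
    __asm__ __volatile__("" : : "r"(p) : "memory");
}

/* Hypothetical hash context standing in for the MD5 state the thread mentions. */
typedef struct {
    uint32_t state[4];
    unsigned char buffer[64];
    void *scratch; /* pointer members are zeroed too, as noted in the thread */
} HashCtx;

/* Fill a context with a constructed pattern, wipe it with the chosen
 * routine and return how many bytes are still non-zero (0 on success).
 * Reading the bytes back keeps the stores live, so both routines pass
 * this check; the difference only matters when the result is never read. */
size_t wipe_and_count(int hardened)
{
    HashCtx ctx;
    memset(&ctx, 0xA5, sizeof ctx);
    ctx.scratch = &ctx;
    if (hardened) secure_zero(&ctx, sizeof ctx); else plain_zero(&ctx, sizeof ctx);
    const unsigned char *b = (const unsigned char *)&ctx;
    size_t dirty = 0;
    for (size_t i = 0; i < sizeof ctx; i++) {
        dirty += (b[i] != 0);
    }
    return dirty;
}
```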
likoski commented 3 years ago
Owner

Yes, this is clear but I do not see the question. I suppose you would like a similar solution in Aer?

devnexen commented 3 years ago
Poster
Collaborator

Ah, the question is: is SyZero able to guarantee to clear the context regardless of the optimisation? :-)

belliash commented 3 years ago
Owner

When I look at PH7 as a whole and the amount of bugs, as well as Symisc Systems' approach, I doubt it can guarantee anything. :)
For example SyStringInitFromBuf() simply takes the char* and int and stores them into a structure. The string can be of any length, and any length can be specified. However, the length is not checked anywhere and I have already several times come across SyString showing some trash after the requested string. Symisc resolved that by adding %z to their string formatting functions. But if you want to convert a SyString to char*, you should be careful.

devnexen commented 3 years ago
Poster
Collaborator

Ok ... something to keep in mind even though not the highest priority at the moment.

devnexen was assigned by belliash 3 years ago
likoski commented 3 years ago
Owner

I have analysed the SyZero() function and in my opinion we could rely on it. It iterates over all elements and sets their values to zero. We just have to remember that all pointers will also be zeroed.

I just wonder what the reason for this code was:

for(;;) {
    if(zSrc >= zEnd) {
        break;
    }
    zSrc[0] = 0;
    zSrc++;
    if(zSrc >= zEnd) {
        break;
    }
    zSrc[0] = 0;
    zSrc++;
    if(zSrc >= zEnd) {
        break;
    }
    zSrc[0] = 0;
    zSrc++;
    if(zSrc >= zEnd) {
        break;
    }
    zSrc[0] = 0;
    zSrc++;
}

Why not the shorter version?

for(;;) {
    if(zSrc >= zEnd) {
        break;
    }
    zSrc[0] = 0;
    zSrc++;
}

devnexen commented 3 years ago
Poster
Collaborator

Found it odd too the first time I read it, unless it is to avoid some compiler optimisations?

belliash commented 3 years ago
Owner

No idea, but it's not the first time I see something like that in PH7. There are more of them. In this particular case, the whole loop could even be replaced by:

memset(zSrc, 0, zEnd - zSrc);
belliash commented 3 years ago
Owner

I have contacted Symisc. They told me that's an old manual optimisation technique targeting Intel CPUs and was inspired by the qmail source tree. Basically if you unloop your code and duplicate it four times, you can get a non-insignificant speed boost on some old x86 architectures. They also told me they didn't want to use memset, as they wanted a minimal dependency on libc.

Nowadays, I think we can rely on compiler optimisations.

belliash commented 3 years ago
Owner

To sum up, I think SyZero is currently able to guarantee to clear the context regardless of the optimisation. @devnexen: Do we need anything else, or can we close this ticket?

devnexen commented 3 years ago
Poster
Collaborator

Nothing to add.

devnexen closed this issue 3 years ago