diff options
| author | Frank Denis <124872+jedisct1@users.noreply.github.com> | 2025-02-20 12:32:37 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-02-20 12:32:37 +0100 |
| commit | 84cdb621599373b044cef88e6b921f86f2f6fa6c (patch) | |
| tree | 9e427dc49cb6bed46cd9ce35f318a2a782b26ee7 /src/codegen/llvm.zig | |
| parent | c41bc20ec7a3dd113d1eb4349d11082c6fc4242a (diff) | |
| download | zig-84cdb621599373b044cef88e6b921f86f2f6fa6c.tar.gz zig-84cdb621599373b044cef88e6b921f86f2f6fa6c.zip | |
std.crypto: add the ability to explicitly tag a value as secret (#19907)
* std.crypto: add the ability to explicitly tag a value as secret
It turns out that Valgrind can be a very useful tool to check that secrets
are not leaked via side channels involving lookups or conditional jumps.
Valgrind tracks uninitialized data, and memcheck reports operations
involving uninitialized values. By permanently or temporarily telling
Valgrind that a memory region containing secrets is uninitialized, we can
detect common side-channel vulnerabilities.
For example, the following code snippets would immediately report that the
result is not computed in constant time:
```zig
classify(&key);
const len = std.mem.indexOfScalar(u8, &key, 0);
```
```zig
classify(&key);
const idx = key[0];
x += idx;
```
```zig
var x: [4]u8 = undefined;
std.crypto.random.bytes(&x);
classify(&x);
if (std.mem.eql(u8, "test", &x)) return;
```
This is not fool-proof, but it can help a lot to detect unwanted compiler
optimizations.
Also, right now, this is relying on Valgrind primitives, but these
annotations can be used to do more interesting things later, especially with
our own code generation backends.
* Update for Zig 0.14
* Remove checks for Valgrind enablement
Diffstat (limited to 'src/codegen/llvm.zig')
0 files changed, 0 insertions, 0 deletions