Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Do Pascal compilers need SecureZeroMemory function?

Tags:

delphi

freepascal

pascal

fpc

Consider the code:

procedure DoSmthSecret;
var
  Seed: array[0..31] of Byte;

begin
// get random seed
  ..
// use the seed to do something secret
  ..
// erase the seed
  FillChar(Seed, SizeOf(Seed), 0);
end;

The problem with the code is: FillChar is a compiler intrinsic, and potentially a compiler can "optimize it out". The problem is known for C/C++ compilers, see SecureZeroMemory. Can modern Pascal compiler (Delphi, FPC) do such optimization, and if they can, do they provide SecureZeroMemory equivalent?

like image 503
kludg Avatar asked Mar 02 '16 09:03

kludg

2 Answers

FPC can't do such optimizations at the moment, and afaik even with C++ they belong into the "uncertain" class. (since the state of the program due to this optimization ignores what the programmer tells it to be)

Solving such problem is a matter of defining which constructs can be optimized out and which not. It doesn't need API/OS assistance per se, any externally linked object file with such function would do (since then global optimization wouldn't touch it)

Note that the article doesn't name the C++ compiler specifically, so I expect it is more a general utility function for when an user of a compiler gets into problems, without hitting the docs too hard, or when it must easily work on multiple (windows-only!) compilers without overly complicating the buildsystem.

Choosing a non inlinable API function might be non optimal in other cases, specially with small, constant sizes to zero, since it won't be inlined, so I would be careful with this function, and make sure there is a hard need

It might be important mainly when an external entity can change memory (DMA, memory mapping etc) of a program, or to erase passwords and other sensitive info from the memory image, even if the program according to the compiler will never read it

like image 70
Marco van de Voort Avatar answered Oct 07 '22 12:10

Marco van de Voort

Even if FreePascal would optimize out writing to memory that is never read again (which I doubt it does atm, regardless of how long you guys discuss it), it does support the absolute type modifier which it guarantees (documented) to never optimize (somewhat similar to volatile in C/C++).

like image 35
tofro Avatar answered Oct 07 '22 13:10

tofro
Sign in to Comment

Related questions

Zooming in/out of a TImage inside a TScrollBox to a particular focus?
How do i use events at design time in Smart Mobile Studio?
Are there some Delphi specific issues with "One class per file" rule? [closed]
Detect Chrome as browser associated with html files in Windows
Delphi XE3: What are the new types, MarshaledString and MarshaledAString used for?
Delphi client server array sending
How can I abort deletion of record based on decisions after dbnavigator delete button pressed?
When to use TPanel FullRepaint?
What is the equivalent server side component to TIdBlockCipherIntercept?
Multi Thread Delphi [closed]
Is it possible to create a type alias to a generic record in Delphi [duplicate]
How to preview an image with TFileOpenDialog
What to NOT do to prevent Delphi from mangling the uses list and {$*.RES} in a .DPR
Android background service in Delphi XE5
Delphi PNG image displays rectangle BUG around when move / load image
Creating custom TSetProperty property editor
"reference to function" as result of a function
How to Create DLL in C# and call in Delphi XE6 [duplicate]
Checking parameters of multiplication by constant in 64 bit
Delphi 10 Seattle Automated Builds

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!