Skip to content

Use C23 memset_explicit() for ZEND_SECURE_ZERO() if available #15483

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Girgias opened this issue Aug 18, 2024 · 2 comments · May be fixed by #18713
Open

Use C23 memset_explicit() for ZEND_SECURE_ZERO() if available #15483

Girgias opened this issue Aug 18, 2024 · 2 comments · May be fixed by #18713
Labels
Category: Engine Feature Refactoring

Comments

@Girgias
Copy link
Member

Girgias commented Aug 18, 2024

Description

This new function is designed to never be optimized away by a compiler.

I think this needs some configure checks, which I never know how to do. @petk do you know if anything fancy needs to be done?
We probably also want to amend the implementation of php_explicit_bzero() to use this if available.
@petk
Copy link
Member

petk commented Aug 18, 2024
edited
Loading

From what I see, it only needs to be checked in the AC_CHECK_FUNCS([memset_explicit]) somewhere - in configure.ac probably and then used conditionally:

#ifdef HAVE_MEMSET_EXPLICIT
...
#else
...
#endif

Except that on Windows, it's probably not available (yet).

@cmb69
Copy link
Member

cmb69 commented Aug 18, 2024

Except that on Windows, it's probably not available (yet).

I think so, too, at least regarding MSVC; not sure about clang on Windows, though.

@nielsdos nielsdos mentioned this issue Apr 30, 2025
Closed
@TimWolla TimWolla marked this as a duplicate of #18473 Apr 30, 2025
nielsdos added a commit to nielsdos/php-src that referenced this issue May 30, 2025
@nielsdos
Implement phpGH-15483: Use C23 memset_explicit() for ZEND_SECURE_ZERO…
0287ea9 
…() if available
@nielsdos nielsdos linked a pull request May 30, 2025 that will close this issue
Implement GH-15483: Use C23 memset_explicit() for ZEND_SECURE_ZERO() if available #18713
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Category: Engine Feature Refactoring
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Implement GH-15483: Use C23 memset_explicit() for ZEND_SECURE_ZERO() if available nielsdos/php-src
3 participants
@petk @cmb69 @Girgias