[PR #272] [MERGED] Core/SSL: Add SecureBuffer and SecureZero for Secure Cryptographic Data Handling #280

Closed
opened 2026-05-05 03:44:44 -06:00 by gitea-mirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/ultimatepp/ultimatepp/pull/272
Author: @ismail-yilmaz
Created: 5/31/2025
Status: Merged
Merged: 6/10/2025
Merged by: @mirek-fidler

Base: master ← Head: securebuffer


📝 Commits (1)

  • 9551e0b Core/SSL: Added SecureBuffer and SecureZero

📊 Changes

6 files changed (+459 additions, -0 deletions)


autotest/SecureBuffer/SecureBuffer.cpp (+148 -0)
autotest/SecureBuffer/SecureBuffer.upp (+12 -0)
uppsrc/Core/SSL/Buffer.hpp (+163 -0)
📝 uppsrc/Core/SSL/SSL.h (+3 -0)
📝 uppsrc/Core/SSL/SSL.upp (+1 -0)
uppsrc/Core/SSL/src.tpp/Upp_SSL_SecureBuffer_en-us.tpp (+132 -0)

📄 Description

Rationale

This PR introduces the SecureBuffer<T> class and SecureZero() function(s) for handling sensitive cryptographic data in memory, which U++ currently lacks. These utilities provide memory locking and cryptographic erasure to reduce the risk of sensitive data being swapped to disk or left in memory after use.

Features

  • SecureZero<T>():

    • Safely and securely zeroes memory, using OPENSSL_cleanse().

    • Safely zeroes static arrays.

    • Enforces that T is trivially copyable and destructible via static_assert.

  • SecureBuffer<T>:

    • RAII-managed dynamic buffer for sensitive data.

    • Automatically zeroes memory on destruction using SecureZero.

    • Prevents paging sensitive memory using mlock or VirtualLock when possible ("best-effort" locking).

    • Pick-only semantics to prevent accidental copies.

    • Enforces that T is trivially copyable and destructible via static_assert.

Format

SecureBuffer<T> behaves like a dynamic container (T*, begin(), end(), operator[]), very similar to Upp::Buffer<T>, but is not intended for general-purpose use. It is specialized for securely storing sensitive data.

Public API

```cpp
// SecureZero
template <class T>
void SecureZero(T* ptr, size_t count);

template<class T, size_t N>
void SecureZero(T (&obj)[N]); // static array overload

// SecureBuffer
template <class T>
class SecureBuffer : Moveable<SecureBuffer<T>>, NoCopy {
public:
    SecureBuffer();
    SecureBuffer(size_t size_);
    SecureBuffer(SecureBuffer&& src);
    ~SecureBuffer();

    SecureBuffer& operator=(SecureBuffer&& src);

    void        Alloc(size_t size);
    void        Clear();
    void        Zero();

    size_t      GetSize() const;

    bool        IsEmpty() const;

    operator T*();
    operator const T*() const;
    T *operator~();
    const T *operator~() const;
    T          *Get();
    const T    *Get() const;
    T          *begin();
    const T    *begin() const;
    T*          Begin();
    const T*    Begin() const;

    T*          end();
    const T*    end() const;
    T*          End();
    const T*    End() const;

    T& operator[](size_t i);
    const T& operator[](size_t i) const;
};
```

Notes:

  • A constructor with std::initializer_list is intentionally left out of the design, as it can be dangerous in cryptographic contexts.

Unit Tests

  • SecureZero:

    • Basic integer array
    • Empty array (edge case)
    • NULL pointer (edge case)
    • Byte-by-byte zeroing
    • Complex types
    • Partial array zeroing
    • Resistance to compiler optimization
    • Overlapping memory regions
  • SecureBuffer:

    • Basic functionality
    • Pick semantics
    • Zeroing verification (security critical)
    • Multiple clear calls
    • Edge case

API Docs

  • Included.

Changes

  • None. This is a new addition to the Core/SSL package.

Related Discussions

  • #269
  • #270


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
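As an added illustration (not the PR's code, which lives in uppsrc/Core/SSL/Buffer.hpp), a minimal stand-alone sketch of the design described above: a SecureZero with the trivially-copyable static_assert and NULL/empty edge cases, plus a pick-only RAII SecureBuffer that zeroes before freeing. It assumes POSIX, substitutes a volatile byte loop for OPENSSL_cleanse(), uses mlock()/munlock() as the best-effort lock, and omits the U++ Moveable/NoCopy bases and the VirtualLock path; SecureBufferSelfCheck() is a constructed self-test, not part of the PR's autotest.

```cpp
#include <cstddef>
#include <cstdint>
#include <type_traits>
#include <utility>
#include <sys/mman.h>   // POSIX mlock/munlock; the PR's VirtualLock path is omitted here
// Stand-in for OPENSSL_cleanse(): volatile byte writes that the optimizer cannot drop.
template <class T> void SecureZero(T *ptr, size_t count) {
    static_assert(std::is_trivially_copyable<T>::value && std::is_trivially_destructible<T>::value, "T must be trivial");
    if(!ptr || count == 0) return;                    // NULL / empty edge cases are no-ops
    volatile unsigned char *p = reinterpret_cast<volatile unsigned char *>(ptr);
    for(size_t i = 0; i < count * sizeof(T); i++) p[i] = 0;
}
template <class T, size_t N> void SecureZero(T (&obj)[N]) { SecureZero(obj, N); }
template <class T> class SecureBuffer {               // RAII, pick-only: copying is deleted
    T *ptr = nullptr; size_t size = 0;
public:
    SecureBuffer() = default;
    explicit SecureBuffer(size_t n) { Alloc(n); }
    SecureBuffer(const SecureBuffer&) = delete;
    SecureBuffer& operator=(const SecureBuffer&) = delete;
    SecureBuffer(SecureBuffer&& s) noexcept : ptr(s.ptr), size(s.size) { s.ptr = nullptr; s.size = 0; }
    ~SecureBuffer() { Clear(); }                      // zero, unlock, then free
    void Alloc(size_t n) {
        Clear();
        if(n == 0) return;
        ptr = new T[n]; size = n;
        mlock(ptr, n * sizeof(T));                    // best effort: a failure is tolerated
    }
    void Zero() { SecureZero(ptr, size); }
    void Clear() {
        if(!ptr) return;
        Zero();
        munlock(ptr, size * sizeof(T));
        delete[] ptr; ptr = nullptr; size = 0;
    }
    size_t GetSize() const { return size; }
    bool IsEmpty() const { return size == 0; }
    T& operator[](size_t i) { return ptr[i]; }
};
// Self-check (constructed): a 32-byte "key" is zeroed in place, a static array is zeroed via the overload, and picking empties the source.
bool SecureBufferSelfCheck() {
    SecureBuffer<uint8_t> key(32);
    for(size_t i = 0; i < key.GetSize(); i++) key[i] = uint8_t(i + 1);
    key.Zero();
    for(size_t i = 0; i < key.GetSize(); i++) if(key[i] != 0) return false;
    uint32_t iv[4] = { 1, 2, 3, 4 };
    SecureZero(iv);
    SecureBuffer<uint8_t> picked(std::move(key));
    return iv[0] == 0 && iv[3] == 0 && key.IsEmpty() && picked.GetSize() == 32;
}
```

Because the buffer is freed with delete[], the destructor's zeroing cannot be observed without undefined behaviour, so the check inspects Zero() and the pick instead.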
