secure memory ops (#248)

* add mir_secure_memory version

* add configs

Author: 9il

dub.sdl

@@ -23,6 +23,10 @@ buildType "unittest-release" {
 configuration "default" {
 }
 
+configuration "secure" {
+    versions "mir_secure_memory"
+}
+
 configuration "dip1008" {
     dflags "-preview=dip1008"
 }

meson.build

@@ -102,7 +102,7 @@ this_dep = declare_dependency(
     dependencies: required_deps,
 )
 
-test_versions = ['mir_test', 'NOGCEXP']
+test_versions = ['mir_test', 'NOGCEXP', 'mir_secure_memory']
 
 if has_cpp_headers
     install_subdir('include/',

source/mir/appender.d

@@ -53,7 +53,15 @@ struct ScopedBuffer(T, size_t bytes = 4096)
             else
             {
                 auto newLen = _currentLength << 1;
-                _buffer = (cast(T*)malloc(T.sizeof * newLen))[0 .. newLen];
+                if (auto p = malloc(T.sizeof * newLen))
+                {
+                    _buffer = (cast(T*)p)[0 .. newLen];
+                }
+                else assert(0);
+                version (mir_secure_memory)
+                {
+                    (cast(ubyte[])_buffer)[] = 0;
+                }
                 memcpy(cast(void*)_buffer.ptr, _scopeBuffer.ptr, T.sizeof * (_currentLength - n));
             }
         }
@@ -62,6 +70,10 @@ struct ScopedBuffer(T, size_t bytes = 4096)
         {
             auto newLen = _currentLength << 1;
             _buffer = (cast(T*)realloc(cast(void*)_buffer.ptr, T.sizeof * newLen))[0 .. newLen];
+            version (mir_secure_memory)
+            {
+                (cast(ubyte[])_buffer[_currentLength .. $])[] = 0;
+            }
         }
         return _buffer[0 .. _currentLength];
     }
@@ -78,7 +90,16 @@ struct ScopedBuffer(T, size_t bytes = 4096)
         import mir.internal.memory: malloc;
         if (_buffer.ptr)
         {
-            auto buffer = (cast(T*)malloc(T.sizeof * _buffer.length))[0 .. _buffer.length];
+            typeof(_buffer) buffer;
+            if (auto p = malloc(T.sizeof * _buffer.length))
+            {
+                buffer = (cast(T*)p)[0 .. T.sizeof * _buffer.length];
+            }
+            else assert(0);
+            version (mir_secure_memory)
+            {
+                (cast(ubyte[])buffer)[] = 0;
+            }
             buffer[0 .. _currentLength] = _buffer[0 .. _currentLength];
             _buffer = buffer;
         }

source/mir/ndslice/allocation.d

@@ -496,6 +496,10 @@ auto uninitSlice(T, size_t N)(size_t[N] lengths...)
     immutable len = lengths.lengthsProduct;
     import std.array : uninitializedArray;
     auto arr = uninitializedArray!(T[])(len);
+    version (mir_secure_memory)
+    {()@trusted{
+        (cast(ubyte[])arr)[] = 0;
+    }();}
     return arr.sliced(lengths);
 }
 
@@ -646,6 +650,10 @@ makeUninitSlice(T, Allocator, size_t N)(auto ref Allocator alloc, size_t[N] leng
         auto mem = alloc.allocate(len * T.sizeof);
         if (mem.length == 0) assert(0);
         auto array = () @trusted { return cast(T[]) mem; }();
+        version (mir_secure_memory)
+        {() @trusted { 
+            (cast(ubyte[])array)[] = 0;
+        }();}
         return array.sliced(lengths);
     }
     else
@@ -856,7 +864,13 @@ Slice!(T*, N) stdcUninitSlice(T, size_t N)(size_t[N] lengths...)
 {
     import core.stdc.stdlib: malloc;
     immutable len = lengths.lengthsProduct;
-    auto ptr = len ? cast(T*) malloc(len * T.sizeof) : null;
+    auto p = malloc(len * T.sizeof);
+    if (p is null) assert(0);
+    version (mir_secure_memory)
+    {
+        (cast(ubyte*)p)[0 .. len * T.sizeof] = 0;
+    }
+    auto ptr = len ? cast(T*) p : null;
     return ptr.sliced(lengths);
 }
 
@@ -892,6 +906,10 @@ See_also:
 void stdcFreeSlice(T, size_t N)(Slice!(T*, N) slice)
 {
     import core.stdc.stdlib: free;
+    version (mir_secure_memory)
+    {
+        (cast(ubyte[])slice.field)[] = 0;
+    }
     slice._iterator.free;
 }
 
@@ -926,6 +944,10 @@ auto stdcUninitAlignedSlice(T, size_t N)(size_t[N] lengths, uint alignment) @sys
     immutable len = lengths.lengthsProduct;
     import mir.internal.memory: alignedAllocate;
     auto arr = (cast(T*)alignedAllocate(len * T.sizeof, alignment))[0 .. len];
+    version (mir_secure_memory)
+    {
+        (cast(ubyte[])arr)[] = 0;
+    }
     return arr.sliced(lengths);
 }
 
@@ -951,5 +973,9 @@ See_also:
 void stdcFreeAlignedSlice(T, size_t N)(Slice!(T*, N) slice)
 {
     import mir.internal.memory: alignedFree;
+    version (mir_secure_memory)
+    {
+        (cast(ubyte[])slice.field)[] = 0;
+    }
     slice._iterator.alignedFree;
 }

source/mir/rc/context.d

@@ -87,6 +87,12 @@ void mir_rc_delete(ref mir_rc_context context)
             }
         }
     }
+    if (context.counter)
+        assert(0);
+    version (mir_secure_memory)
+    {
+        (cast(ubyte*)(&context + 1))[0 .. context.length * context.typeInfo.size] = 0;
+    }
     context.deallocator(&context);
 }
 
@@ -106,8 +112,14 @@ mir_rc_context* mir_rc_create(
 
     assert(length);
     auto size = length * typeInfo.size;
-    if (auto context = cast(mir_rc_context*)malloc(mir_rc_context.sizeof + size))
+    auto fullSize = mir_rc_context.sizeof + size;
+    if (auto p = malloc(fullSize))
     {
+        version (mir_secure_memory)
+        {
+            (cast(ubyte*)p)[0 .. fullSize] = 0;
+        }
+        auto context = cast(mir_rc_context*)p;
         context.deallocator = &free;
         context.typeInfo = &typeInfo;
         context.counter = deallocate;

source/mir/type_info.d

@@ -27,9 +27,7 @@ struct mir_type_info
     int size;
 }
 
-/++
-Convinience function for integration with .NET.
-+/
+deprecated
 export extern(C) void mir_type_info_init(ref mir_type_info ti, typeof(mir_type_info.init.destructor) destructor, int size)
     @safe pure nothrow @nogc
 {