Page MenuHomePhabricator
Differential D6363

Suppress a harmless variable-time optimization by clang in memczero
ClosedPublic
Actions

Authored by deadalnix on Jun 4 2020, 10:09.

Details

Reviewers
Fabien
Group Reviewers
Restricted Project
Commits
rABC81b7dd6bc389: Suppress a harmless variable-time optimization by clang in memczero
Summary
  • Suppress a harmless variable-time optimization by clang in memczero

This has been not been caught by the new constant-time tests because
valgrind currently gives us a zero exit code even if finds errors, see
https://github.com/bitcoin-core/secp256k1/pull/723#discussion_r388246806 .

This commit also simplifies the arithmetic in memczero.

Note that the timing leak here was the bit whether a secret key was
out of range. This leak is harmless and not exploitable. It is just
our overcautious practice to prefer constant-time code even here.

  • Add test for memczero()

This is a backport of libsecp256k1 PR728

Test Plan
ninja all check check-secp256k1

Diff Detail

Repository
rABC Bitcoin ABC
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

deadalnix created this revision.Jun 4 2020, 10:09
Herald added a reviewer: Restricted Project. · View Herald TranscriptJun 4 2020, 10:09
deadalnix requested review of this revision.Jun 4 2020, 10:09
teamcity edited the summary of this revision. (Show Details)Jun 4 2020, 10:09

[Bot Message]
One or more PR numbers were detected in the summary.
Links to those PRs have been inserted into the summary for reference.

Harbormaster completed remote builds in B11191: Diff 20878.Jun 4 2020, 10:18
Fabien accepted this revision.Jun 4 2020, 13:05
This revision is now accepted and ready to land.Jun 4 2020, 13:05
Closed by commit rABC81b7dd6bc389: Suppress a harmless variable-time optimization by clang in memczero (authored by Tim Ruffing <crypto@timruffing.de>, committed by deadalnix). · Explain WhyJun 4 2020, 13:09
This revision was automatically updated to reflect the committed changes.
deadalnix added a commit: rABC81b7dd6bc389: Suppress a harmless variable-time optimization by clang in memczero.

Revision Contents
Changeset List

PathSize
src/
secp256k1/
src/
18 lines
13 lines

Diff 20886

View Options

src/secp256k1/src/tests.c

Loading...
View Options

src/secp256k1/src/util.h

Loading...