
Suppress a harmless variable-time optimization by clang in memczero

Description

Suppress a harmless variable-time optimization by clang in memczero

Summary:

  • Suppress a harmless variable-time optimization by clang in memczero

This has not been caught by the new constant-time tests because
valgrind currently gives us a zero exit code even if it finds errors, see
https://github.com/bitcoin-core/secp256k1/pull/723#discussion_r388246806 .

This commit also simplifies the arithmetic in memczero.

Note that the timing leak here was the bit whether a secret key was
out of range. This leak is harmless and not exploitable. It is just
our overcautious practice to prefer constant-time code even here.

  • Add test for memczero()

This is a backport of libsecp256k1 PR728

Test Plan:

ninja all check check-secp256k1

Reviewers: #bitcoin_abc, Fabien

Reviewed By: #bitcoin_abc, Fabien

Differential Revision: https://reviews.bitcoinabc.org/D6363
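As an added illustration of the technique this commit is about (example code, not the commit's own diff or the project's memczero), a constant-time conditional zeroing routine: the flag is read through a volatile-qualified lvalue so the compiler cannot deduce after inlining that it is only ever 0 or 1 and replace the mask arithmetic with a data-dependent branch, and the resulting mask is applied uniformly to every byte. The function and helper names are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Constant-time conditional zeroing in the style of memczero (added
 * example, not the commit's code). If flag is non-zero, all len bytes at
 * s are set to zero; otherwise they are left untouched. The same
 * instructions execute on every byte whatever the flag is, so neither
 * the flag nor the data affects execution time. */
static void ct_memczero(void *s, size_t len, int flag) {
    unsigned char *p = (unsigned char *)s;
    /* Read the flag through a volatile-qualified lvalue. Without this, a
     * compiler that has inlined the call can see that flag is only 0 or 1
     * and turn the mask arithmetic into a branch on the secret, which is
     * the variable-time code generation described in the commit message. */
    volatile int vflag = flag;
    /* mask is 0x00 when vflag == 0 and 0xFF for any non-zero vflag. */
    unsigned char mask = -(unsigned char)(vflag != 0);
    while (len) {
        /* Clear the byte when mask is 0xFF, keep it when mask is 0x00. */
        *p &= (unsigned char)~mask;
        p++;
        len--;
    }
}

/* Functional check used below: fills a constructed 32-byte buffer with a
 * non-zero pattern, applies ct_memczero with the given flag, and returns 1
 * if the result is all zero (flag set) or unchanged (flag clear). */
static int ct_memczero_check(int flag) {
    unsigned char buf[32], ref[32];
    size_t i;
    for (i = 0; i < sizeof(buf); i++) {
        buf[i] = (unsigned char)(0xA5 ^ i); /* constructed, never zero */
    }
    memcpy(ref, buf, sizeof(ref));
    ct_memczero(buf, sizeof(buf), flag);
    if (flag) {
        for (i = 0; i < sizeof(buf); i++) {
            if (buf[i] != 0) return 0;
        }
        return 1;
    }
    return memcmp(buf, ref, sizeof(buf)) == 0;
}
```

A functional check like this cannot detect the optimization itself; that requires inspecting the generated code or running a valgrind-based constant-time test that actually fails on errors, which is the gap the commit message points out.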

Details

Provenance
Authored by Tim Ruffing <crypto@timruffing.de> on Mar 25 2020, 15:04
Committed by deadalnix on Jun 4 2020, 13:09
Pushed by deadalnix on Jun 4 2020, 13:09
Differential Revision
D6363: Suppress a harmless variable-time optimization by clang in memczero
Parents
rABC2024106a01b2: Remove symbols exported by jemalloc from the symbols check