Diffusion Bitcoin ABC 81b7dd6bc389

Suppress a harmless variable-time optimization by clang in memczero
81b7dd6bc389
Actions

Tags

None

Subscribers

None

Description

Suppress a harmless variable-time optimization by clang in memczero

Summary:

Suppress a harmless variable-time optimization by clang in memczero

This has been not been caught by the new constant-time tests because
valgrind currently gives us a zero exit code even if finds errors, see
https://github.com/bitcoin-core/secp256k1/pull/723#discussion_r388246806 .

This commit also simplifies the arithmetic in memczero.

Note that the timing leak here was the bit whether a secret key was
out of range. This leak is harmless and not exploitable. It is just
our overcautious practice to prefer constant-time code even here.

Add test for memczero()

This is a backport of libsecp256k1 PR728

Test Plan:

ninja all check check-secp256k1

Reviewers: #bitcoin_abc, Fabien

Reviewed By: #bitcoin_abc, Fabien

Differential Revision: https://reviews.bitcoinabc.org/D6363

Details

Provenance

Tim Ruffing <crypto@timruffing.de>	Authored on Mar 25 2020, 15:04
deadalnix	Committed on Jun 4 2020, 13:09
deadalnix	Pushed on Jun 4 2020, 13:09

Reviewer

Restricted Project

Differential Revision

D6363: Suppress a harmless variable-time optimization by clang in memczero

Parents

rABC2024106a01b2: Remove symbols exported by jemalloc from the symbols check

Branches

Unknown

Tags

Unknown

Event Timeline

deadalnix committed rABC81b7dd6bc389: Suppress a harmless variable-time optimization by clang in memczero (authored by Tim Ruffing <crypto@timruffing.de>).Jun 4 2020, 13:09

deadalnix added an edge: D6363: Suppress a harmless variable-time optimization by clang in memczero.

Changes (2)

Path

Size

src/

secp256k1/

src/

rABC81b7dd6bc389

src/secp256k1/src/tests.c

Loading...

src/secp256k1/src/util.h

Loading...