Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Suppress a harmless variable-time optimization by clang in memczero #728

Merged
merged 2 commits into from
Mar 27, 2020
Merged

Suppress a harmless variable-time optimization by clang in memczero #728

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
52a0351
Suppress a harmless variable-time optimization by clang in memczero
real-or-random Mar 25, 2020
0199387
Add test for memczero()
real-or-random Mar 27, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 18 additions & 0 deletions src/tests.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5166,6 +5166,21 @@ void run_ecdsa_openssl(void) {
# include "modules/recovery/tests_impl.h"
#endif

void run_memczero_test(void) {
unsigned char buf1[6] = {1, 2, 3, 4, 5, 6};
unsigned char buf2[sizeof(buf1)];

/* memczero(..., ..., 0) is a noop. */
memcpy(buf2, buf1, sizeof(buf1));
memczero(buf1, sizeof(buf1), 0);
CHECK(memcmp(buf1, buf2, sizeof(buf1)) == 0);

/* memczero(..., ..., 1) zeros the buffer. */
memset(buf2, 0, sizeof(buf2));
memczero(buf1, sizeof(buf1) , 1);
CHECK(memcmp(buf1, buf2, sizeof(buf1)) == 0);
}

int main(int argc, char **argv) {
unsigned char seed16[16] = {0};
unsigned char run32[32] = {0};
Expand Down Expand Up @@ -5299,6 +5314,9 @@ int main(int argc, char **argv) {
run_recovery_tests();
#endif

/* util tests */
run_memczero_test();

secp256k1_rand256(run32);
printf("random run = %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n", run32[0], run32[1], run32[2], run32[3], run32[4], run32[5], run32[6], run32[7], run32[8], run32[9], run32[10], run32[11], run32[12], run32[13], run32[14], run32[15]);

Expand Down
13 changes: 8 additions & 5 deletions src/util.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -160,13 +160,16 @@ static SECP256K1_INLINE void *manual_alloc(void** prealloc_ptr, size_t alloc_siz
SECP256K1_GNUC_EXT typedef unsigned __int128 uint128_t;
#endif

/* Zero memory if flag == 1. Constant time. */
/* Zero memory if flag == 1. Flag must be 0 or 1. Constant time. */
static SECP256K1_INLINE void memczero(void *s, size_t len, int flag) {
unsigned char *p;
unsigned char mask = -(unsigned char)flag;
p = (unsigned char *)s;
unsigned char *p = (unsigned char *)s;
/* Access flag with a volatile-qualified lvalue.
This prevents clang from figuring out (after inlining) that flag can
take only be 0 or 1, which leads to variable time code. */
volatile int vflag = flag;
unsigned char mask = -(unsigned char) vflag;
while (len) {
*p ^= *p & mask;
*p &= ~mask;
jonasnick marked this conversation as resolved.
Show resolved Hide resolved
p++;
len--;
}
Expand Down