secp256k1
secp256k1 copied to clipboard
Published
20 hours ago •
bitcoin-core
bitcoin-core
False positives in constant-time tests when using MSan on Clang >= 16
(Description partly copied from https://github.com/bitcoin-core/secp256k1/pull/1512#issuecomment-2045254282)
The default of what is considered a "use" of uninitialized memory was changed in clang 16. Returning an uninitialized variables from a function, or passing uninitialized values to a function as a parameter is now considered, and MSan will report it by default. See the Clang 16.0.09 Release Notes:
-fsanitize-memory-param-retvalis turned on by default. With-fsanitize=memory, passing uninitialized variables to functions and returning uninitialized variables from functions is more aggressively reported.-fno-sanitize-memory-param-retvalrestores the previous behavior.
This makes sense for actual memory checking, in the sense that uninitialized memory at the boundary of a function call should probably be considered a bug or at least a smell. But that's certainly not what we want if we (ab)use MSan for constant-time checking, and this gives us false positives.
We should pass -fno-sanitize-memory-param-retval to clang >=16, but probably only for the ctime_test target.
Example false positives, `clang version 17.0.6` on d8311688bd383d3a923a1b11789cded3cc8e5e03, and `./configure --enable-dev-mode CFLAGS='-fsanitize=memory -fsanitize-recover=memory -g'`:
> ./ctime_tests
==18035==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x77094683e2fa in secp256k1_ecdsa_sign_inner /home/tim/bs/dev/secp256k1/src/secp256k1.c:544:5
#1 0x77094683c06f in secp256k1_ecdsa_sign /home/tim/bs/dev/secp256k1/src/secp256k1.c:556:11
#2 0x5cb76630a11f in run_tests /home/tim/bs/dev/secp256k1/src/ctime_tests.c:106:11
#3 0x5cb76630a11f in main /home/tim/bs/dev/secp256k1/src/ctime_tests.c:57:5
#4 0x770946518ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#5 0x770946518d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#6 0x5cb766271254 in _start (/home/tim/bs/dev/secp256k1/.libs/ctime_tests+0x31254) (BuildId: b302b3c7acd04fb3473e01ac13d3e3e0eb931f49)
SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/tim/bs/dev/secp256k1/src/secp256k1.c:544:5 in secp256k1_ecdsa_sign_inner
==18035==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x77094685787c in secp256k1_ecdh /home/tim/bs/dev/secp256k1/src/modules/ecdh/main_impl.h:69:1
#1 0x5cb76630a1bd in run_tests /home/tim/bs/dev/secp256k1/src/ctime_tests.c:115:11
#2 0x5cb76630a1bd in main /home/tim/bs/dev/secp256k1/src/ctime_tests.c:57:5
#3 0x770946518ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#4 0x770946518d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#5 0x5cb766271254 in _start (/home/tim/bs/dev/secp256k1/.libs/ctime_tests+0x31254) (BuildId: b302b3c7acd04fb3473e01ac13d3e3e0eb931f49)
SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/tim/bs/dev/secp256k1/src/modules/ecdh/main_impl.h:69:1 in secp256k1_ecdh
==18035==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x77094683e2fa in secp256k1_ecdsa_sign_inner /home/tim/bs/dev/secp256k1/src/secp256k1.c:544:5
#1 0x77094685aadf in secp256k1_ecdsa_sign_recoverable /home/tim/bs/dev/secp256k1/src/modules/recovery/main_impl.h:132:11
#2 0x5cb76630a232 in run_tests /home/tim/bs/dev/secp256k1/src/ctime_tests.c:123:11
#3 0x5cb76630a232 in main /home/tim/bs/dev/secp256k1/src/ctime_tests.c:57:5
#4 0x770946518ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#5 0x770946518d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#6 0x5cb766271254 in _start (/home/tim/bs/dev/secp256k1/.libs/ctime_tests+0x31254) (BuildId: b302b3c7acd04fb3473e01ac13d3e3e0eb931f49)
SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/tim/bs/dev/secp256k1/src/secp256k1.c:544:5 in secp256k1_ecdsa_sign_inner
==18035==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x77094683e43f in secp256k1_ec_seckey_verify /home/tim/bs/dev/secp256k1/src/secp256k1.c:570:1
#1 0x5cb76630a2e7 in run_tests /home/tim/bs/dev/secp256k1/src/ctime_tests.c:132:11
#2 0x5cb76630a2e7 in main /home/tim/bs/dev/secp256k1/src/ctime_tests.c:57:5
#3 0x770946518ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#4 0x770946518d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#5 0x5cb766271254 in _start (/home/tim/bs/dev/secp256k1/.libs/ctime_tests+0x31254) (BuildId: b302b3c7acd04fb3473e01ac13d3e3e0eb931f49)
SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/tim/bs/dev/secp256k1/src/secp256k1.c:570:1 in secp256k1_ec_seckey_verify
==18035==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x77094683f05a in secp256k1_ec_seckey_negate /home/tim/bs/dev/secp256k1/src/secp256k1.c:618:1
#1 0x5cb76630a343 in run_tests /home/tim/bs/dev/secp256k1/src/ctime_tests.c:137:11
#2 0x5cb76630a343 in main /home/tim/bs/dev/secp256k1/src/ctime_tests.c:57:5
#3 0x770946518ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#4 0x770946518d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#5 0x5cb766271254 in _start (/home/tim/bs/dev/secp256k1/.libs/ctime_tests+0x31254) (BuildId: b302b3c7acd04fb3473e01ac13d3e3e0eb931f49)
SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/tim/bs/dev/secp256k1/src/secp256k1.c:618:1 in secp256k1_ec_seckey_negate
==18035==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x770946840027 in secp256k1_ec_seckey_tweak_add_helper /home/tim/bs/dev/secp256k1/src/secp256k1.c:648:5
#1 0x77094683f6ed in secp256k1_ec_seckey_tweak_add /home/tim/bs/dev/secp256k1/src/secp256k1.c:659:12
#2 0x5cb76630a3b7 in run_tests /home/tim/bs/dev/secp256k1/src/ctime_tests.c:143:11
#3 0x5cb76630a3b7 in main /home/tim/bs/dev/secp256k1/src/ctime_tests.c:57:5
#4 0x770946518ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#5 0x770946518d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#6 0x5cb766271254 in _start (/home/tim/bs/dev/secp256k1/.libs/ctime_tests+0x31254) (BuildId: b302b3c7acd04fb3473e01ac13d3e3e0eb931f49)
SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/tim/bs/dev/secp256k1/src/secp256k1.c:648:5 in secp256k1_ec_seckey_tweak_add_helper
==18035==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x77094683fb54 in secp256k1_ec_seckey_tweak_add /home/tim/bs/dev/secp256k1/src/secp256k1.c:665:1
#1 0x5cb76630a3b7 in run_tests /home/tim/bs/dev/secp256k1/src/ctime_tests.c:143:11
#2 0x5cb76630a3b7 in main /home/tim/bs/dev/secp256k1/src/ctime_tests.c:57:5
#3 0x770946518ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#4 0x770946518d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#5 0x5cb766271254 in _start (/home/tim/bs/dev/secp256k1/.libs/ctime_tests+0x31254) (BuildId: b302b3c7acd04fb3473e01ac13d3e3e0eb931f49)
SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/tim/bs/dev/secp256k1/src/secp256k1.c:665:1 in secp256k1_ec_seckey_tweak_add
==18035==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x770946840dc4 in secp256k1_ec_seckey_tweak_mul /home/tim/bs/dev/secp256k1/src/secp256k1.c:713:1
#1 0x5cb76630a42b in run_tests /home/tim/bs/dev/secp256k1/src/ctime_tests.c:149:11
#2 0x5cb76630a42b in main /home/tim/bs/dev/secp256k1/src/ctime_tests.c:57:5
#3 0x770946518ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#4 0x770946518d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#5 0x5cb766271254 in _start (/home/tim/bs/dev/secp256k1/.libs/ctime_tests+0x31254) (BuildId: b302b3c7acd04fb3473e01ac13d3e3e0eb931f49)
SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/tim/bs/dev/secp256k1/src/secp256k1.c:713:1 in secp256k1_ec_seckey_tweak_mul
==18035==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x77094685fd09 in secp256k1_keypair_create /home/tim/bs/dev/secp256k1/src/modules/extrakeys/main_impl.h:212:1
#1 0x5cb76630a48f in run_tests /home/tim/bs/dev/secp256k1/src/ctime_tests.c:156:11
#2 0x5cb76630a48f in main /home/tim/bs/dev/secp256k1/src/ctime_tests.c:57:5
#3 0x770946518ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#4 0x770946518d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#5 0x5cb766271254 in _start (/home/tim/bs/dev/secp256k1/.libs/ctime_tests+0x31254) (BuildId: b302b3c7acd04fb3473e01ac13d3e3e0eb931f49)
SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/tim/bs/dev/secp256k1/src/modules/extrakeys/main_impl.h:212:1 in secp256k1_keypair_create
==18035==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x770946840027 in secp256k1_ec_seckey_tweak_add_helper /home/tim/bs/dev/secp256k1/src/secp256k1.c:648:5
#1 0x770946860c1a in secp256k1_keypair_xonly_tweak_add /home/tim/bs/dev/secp256k1/src/modules/extrakeys/main_impl.h:273:12
#2 0x5cb76630a4f6 in run_tests /home/tim/bs/dev/secp256k1/src/ctime_tests.c:162:11
#3 0x5cb76630a4f6 in main /home/tim/bs/dev/secp256k1/src/ctime_tests.c:57:5
#4 0x770946518ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#5 0x770946518d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#6 0x5cb766271254 in _start (/home/tim/bs/dev/secp256k1/.libs/ctime_tests+0x31254) (BuildId: b302b3c7acd04fb3473e01ac13d3e3e0eb931f49)
SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/tim/bs/dev/secp256k1/src/secp256k1.c:648:5 in secp256k1_ec_seckey_tweak_add_helper
==18035==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x77094685fd09 in secp256k1_keypair_create /home/tim/bs/dev/secp256k1/src/modules/extrakeys/main_impl.h:212:1
#1 0x5cb76630a5ce in run_tests /home/tim/bs/dev/secp256k1/src/ctime_tests.c:175:11
#2 0x5cb76630a5ce in main /home/tim/bs/dev/secp256k1/src/ctime_tests.c:57:5
#3 0x770946518ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#4 0x770946518d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#5 0x5cb766271254 in _start (/home/tim/bs/dev/secp256k1/.libs/ctime_tests+0x31254) (BuildId: b302b3c7acd04fb3473e01ac13d3e3e0eb931f49)
SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/tim/bs/dev/secp256k1/src/modules/extrakeys/main_impl.h:212:1 in secp256k1_keypair_create
==18035==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x770946863ca2 in secp256k1_schnorrsig_sign_internal /home/tim/bs/dev/secp256k1/src/modules/schnorrsig/main_impl.h:193:1
#1 0x7709468619ab in secp256k1_schnorrsig_sign32 /home/tim/bs/dev/secp256k1/src/modules/schnorrsig/main_impl.h:197:12
#2 0x5cb76630a630 in run_tests /home/tim/bs/dev/secp256k1/src/ctime_tests.c:178:11
#3 0x5cb76630a630 in main /home/tim/bs/dev/secp256k1/src/ctime_tests.c:57:5
#4 0x770946518ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#5 0x770946518d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#6 0x5cb766271254 in _start (/home/tim/bs/dev/secp256k1/.libs/ctime_tests+0x31254) (BuildId: b302b3c7acd04fb3473e01ac13d3e3e0eb931f49)
SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/tim/bs/dev/secp256k1/src/modules/schnorrsig/main_impl.h:193:1 in secp256k1_schnorrsig_sign_internal
==18035==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x770946871648 in secp256k1_ellswift_create /home/tim/bs/dev/secp256k1/src/modules/ellswift/main_impl.h:487:1
#1 0x5cb76630a693 in run_tests /home/tim/bs/dev/secp256k1/src/ctime_tests.c:185:11
#2 0x5cb76630a693 in main /home/tim/bs/dev/secp256k1/src/ctime_tests.c:57:5
#3 0x770946518ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#4 0x770946518d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#5 0x5cb766271254 in _start (/home/tim/bs/dev/secp256k1/.libs/ctime_tests+0x31254) (BuildId: b302b3c7acd04fb3473e01ac13d3e3e0eb931f49)
SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/tim/bs/dev/secp256k1/src/modules/ellswift/main_impl.h:487:1 in secp256k1_ellswift_create
==18035==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x770946871648 in secp256k1_ellswift_create /home/tim/bs/dev/secp256k1/src/modules/ellswift/main_impl.h:487:1
#1 0x5cb76630a6f7 in run_tests /home/tim/bs/dev/secp256k1/src/ctime_tests.c:190:11
#2 0x5cb76630a6f7 in main /home/tim/bs/dev/secp256k1/src/ctime_tests.c:57:5
#3 0x770946518ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#4 0x770946518d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#5 0x5cb766271254 in _start (/home/tim/bs/dev/secp256k1/.libs/ctime_tests+0x31254) (BuildId: b302b3c7acd04fb3473e01ac13d3e3e0eb931f49)
SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/tim/bs/dev/secp256k1/src/modules/ellswift/main_impl.h:487:1 in secp256k1_ellswift_create
==18035==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x7709468770b2 in secp256k1_ellswift_xdh /home/tim/bs/dev/secp256k1/src/modules/ellswift/main_impl.h:588:1
#1 0x5cb76630a7af in run_tests /home/tim/bs/dev/secp256k1/src/ctime_tests.c:197:15
#2 0x5cb76630a7af in main /home/tim/bs/dev/secp256k1/src/ctime_tests.c:57:5
#3 0x770946518ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#4 0x770946518d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#5 0x5cb766271254 in _start (/home/tim/bs/dev/secp256k1/.libs/ctime_tests+0x31254) (BuildId: b302b3c7acd04fb3473e01ac13d3e3e0eb931f49)
SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/tim/bs/dev/secp256k1/src/modules/ellswift/main_impl.h:588:1 in secp256k1_ellswift_xdh
==18035==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x7709468770b2 in secp256k1_ellswift_xdh /home/tim/bs/dev/secp256k1/src/modules/ellswift/main_impl.h:588:1
#1 0x5cb76630a84c in run_tests /home/tim/bs/dev/secp256k1/src/ctime_tests.c:203:15
#2 0x5cb76630a84c in main /home/tim/bs/dev/secp256k1/src/ctime_tests.c:57:5
#3 0x770946518ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#4 0x770946518d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#5 0x5cb766271254 in _start (/home/tim/bs/dev/secp256k1/.libs/ctime_tests+0x31254) (BuildId: b302b3c7acd04fb3473e01ac13d3e3e0eb931f49)
SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/tim/bs/dev/secp256k1/src/modules/ellswift/main_impl.h:588:1 in secp256k1_ellswift_xdh
==18035==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x7709468770b2 in secp256k1_ellswift_xdh /home/tim/bs/dev/secp256k1/src/modules/ellswift/main_impl.h:588:1
#1 0x5cb76630a8e0 in run_tests /home/tim/bs/dev/secp256k1/src/ctime_tests.c:197:15
#2 0x5cb76630a8e0 in main /home/tim/bs/dev/secp256k1/src/ctime_tests.c:57:5
#3 0x770946518ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#4 0x770946518d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#5 0x5cb766271254 in _start (/home/tim/bs/dev/secp256k1/.libs/ctime_tests+0x31254) (BuildId: b302b3c7acd04fb3473e01ac13d3e3e0eb931f49)
SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/tim/bs/dev/secp256k1/src/modules/ellswift/main_impl.h:588:1 in secp256k1_ellswift_xdh
==18035==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x7709468770b2 in secp256k1_ellswift_xdh /home/tim/bs/dev/secp256k1/src/modules/ellswift/main_impl.h:588:1
#1 0x5cb76630a979 in run_tests /home/tim/bs/dev/secp256k1/src/ctime_tests.c:203:15
#2 0x5cb76630a979 in main /home/tim/bs/dev/secp256k1/src/ctime_tests.c:57:5
#3 0x770946518ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#4 0x770946518d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: c0caa0b7709d3369ee575fcd7d7d0b0fc48733af)
#5 0x5cb766271254 in _start (/home/tim/bs/dev/secp256k1/.libs/ctime_tests+0x31254) (BuildId: b302b3c7acd04fb3473e01ac13d3e3e0eb931f49)
SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/tim/bs/dev/secp256k1/src/modules/ellswift/main_impl.h:588:1 in secp256k1_ellswift_xdh
MemorySanitizer: 18 warnings reported.
cc @hebasto
