-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clear sensitive memory without getting optimized out (revival of #636) #1579
base: master
Are you sure you want to change the base?
Commits on Aug 20, 2024
-
Don't clear secrets in pippenger implementation
This code is not supposed to handle secret data.
Configuration menu - View commit details
-
Copy full SHA for 412a82f - Browse repository at this point
Copy the full SHA 412a82fView commit details -
Add secp256k1_memclear() for clearing secret data
We rely on memset() and an __asm__ memory barrier where it's available or on SecureZeroMemory() on Windows. The fallback implementation uses a volatile function pointer to memset which the compiler is not clever enough to optimize.
Configuration menu - View commit details
-
Copy full SHA for 3818a68 - Browse repository at this point
Copy the full SHA 3818a68View commit details -
Separate secp256k1_fe_set_int( . , 0 ) from secp256k1_fe_clear()
There are two uses of the secp256k1_fe_clear() function that are now separated into these two functions in order to reflect the intent: 1) initializing the memory prior to being used -> converted to fe_set_int( . , 0 ) 2) zeroing the memory after being used such that no sensitive data remains. -> remains as fe_clear() In the latter case, 'magnitude' and 'normalized' need to be overwritten when VERIFY is enabled. Co-Authored-By: isle2983 <isle2983@yahoo.com>
Configuration menu - View commit details
-
Copy full SHA for 7a59878 - Browse repository at this point
Copy the full SHA 7a59878View commit details -
Separate between clearing memory and setting to zero in tests
Co-Authored-By: isle2983 <isle2983@yahoo.com> Co-Authored-By: Pieter Wuille <pieter.wuille@gmail.com>
Configuration menu - View commit details
-
Copy full SHA for 15e8cdd - Browse repository at this point
Copy the full SHA 15e8cddView commit details -
Use secp256k1_memclear() to clear stack memory instead of memset()
All of the invocations of secp256k1_memclear() operate on stack memory and happen after the function is done with the memory object. This commit replaces existing memset() invocations and also adds secp256k1_memclear() to code locations where clearing was missing; there is no guarantee that this commit covers all code locations where clearing is necessary. Co-Authored-By: isle2983 <isle2983@yahoo.com>
Configuration menu - View commit details
-
Copy full SHA for 6fcbae9 - Browse repository at this point
Copy the full SHA 6fcbae9View commit details -
Configuration menu - View commit details
-
Copy full SHA for c65befc - Browse repository at this point
Copy the full SHA c65befcView commit details -
Configuration menu - View commit details
-
Copy full SHA for 9afa068 - Browse repository at this point
Copy the full SHA 9afa068View commit details -
Introduce separate _clear functions for hash module
This gives the caller more control about whether the state should be cleaned (= should be considered secret), which will be useful for example for Schnorr signature verification in the future. Moreover, it gives the caller the possibility to clean a hash struct without finalizing it.
Configuration menu - View commit details
-
Copy full SHA for ac0e41b - Browse repository at this point
Copy the full SHA ac0e41bView commit details