Consolidate Windows ASLR workarounds for upstream secp256k1 changes

fanquake commented at 7:18 pm on May 30, 2022: member

#18702 added a work around for bitcoin-cli.exe, to fix ASLR on Windows. ASLR was functioning for the rest of our binaries, mostly by accident, because:

All other Windows binaries that we distribute (bitcoind, bitcoin-qt, bitcoin-wallet, bitcoin-tx and test_bitcoin) do not suffer this issue, and currently having working ASLR. This is due to them exporting (inadvertent or not) libsecp256k1 symbols, and, as a result, the .reloc section is not stripped by ld.

Upstream, libsecp256k1 has recently made a change to no-longer export symbols in static libraries (see related discussion in #25008). This would mean that on the next subtree update, anyone building using an older binutils (< 2.36) would be (silently) producing Windows binaries with non-functioning ASLR. Our release binaries would not be affected, as in our Guix environment we currently use binutils 2.37.

To prevent users building with older binutils from silently losing ASLR on Windows, this PR applies our work around (export main) to the rest of our binaries, and updates the associated documentation to mention the affected binutils versions, so we know when it can be dropped.

I’ve included both the libsecp256k1 subtree update, and the ASLR related changes in this PR. Happy to split the changes up if reviewers would prefer.

Guix Build (x86_64):

 024fa1053fa3d310c4274f0700ac36f3c6e5b4486dc7f1aa7b2a5ded6937cf2b6  guix-build-913b1f2a5eb2/output/aarch64-linux-gnu/SHA256SUMS.part
 196c4150f93c1356dc02f3d383699bcd856da7f769344606324fdc111fbfa8031  guix-build-913b1f2a5eb2/output/aarch64-linux-gnu/bitcoin-913b1f2a5eb2-aarch64-linux-gnu-debug.tar.gz
 25e4adcaddf20a33cd4803e5a10f9a0653bcd40b1dfc7b680a741a17047103948  guix-build-913b1f2a5eb2/output/aarch64-linux-gnu/bitcoin-913b1f2a5eb2-aarch64-linux-gnu.tar.gz
 3adfdac8fef797b13d845c13ab682611d0cc49a9772c2bd40f7aa6dbb1b4f11a8  guix-build-913b1f2a5eb2/output/arm-linux-gnueabihf/SHA256SUMS.part
 4d51849bf907eecb168066a208b702314779fc12ae6fcaa8b5c2c3497e91820b9  guix-build-913b1f2a5eb2/output/arm-linux-gnueabihf/bitcoin-913b1f2a5eb2-arm-linux-gnueabihf-debug.tar.gz
 5ca33ebed13316410d6d79e2db06f9bce8839fbc7216a5bc01a06745b2e470c2e  guix-build-913b1f2a5eb2/output/arm-linux-gnueabihf/bitcoin-913b1f2a5eb2-arm-linux-gnueabihf.tar.gz
 6799fd15fa1e53d773a5ce391b7059920b54680591ee76bdc56bc7485a12d2af6  guix-build-913b1f2a5eb2/output/arm64-apple-darwin/SHA256SUMS.part
 70122eb5fdd4cce7077ee1a2bba8c5bd3557c1d3f12f2f2aad7216de33bea213e  guix-build-913b1f2a5eb2/output/arm64-apple-darwin/bitcoin-913b1f2a5eb2-arm64-apple-darwin-unsigned.dmg
 83a630cc96bf9a43cbb89976aabdddb7a9069f74320277a499f3bbb96526d9c5d  guix-build-913b1f2a5eb2/output/arm64-apple-darwin/bitcoin-913b1f2a5eb2-arm64-apple-darwin-unsigned.tar.gz
 9e2530bab501750fd3d60776ba077bc4a8b145cc95e3a77105d86b388a1d961e1  guix-build-913b1f2a5eb2/output/arm64-apple-darwin/bitcoin-913b1f2a5eb2-arm64-apple-darwin.tar.gz
10f8fbc07221bd21f996dc29c65725740e9c2bfc9365367c806601f12b8e2d2691  guix-build-913b1f2a5eb2/output/dist-archive/bitcoin-913b1f2a5eb2.tar.gz
11fdbc8224d774f2428f037e65d9ac5728613cddee4ddcf6f1d144421cb1f37b3b  guix-build-913b1f2a5eb2/output/powerpc64-linux-gnu/SHA256SUMS.part
12c1098cba38aee264ee7de82be3d5f8c1ec2c915c30763292fa9b6dc37aba8de8  guix-build-913b1f2a5eb2/output/powerpc64-linux-gnu/bitcoin-913b1f2a5eb2-powerpc64-linux-gnu-debug.tar.gz
13567b8bf896a79e2f1b4961ec4f6c3501e414822f84f6fb40c9e3546e67ab08ff  guix-build-913b1f2a5eb2/output/powerpc64-linux-gnu/bitcoin-913b1f2a5eb2-powerpc64-linux-gnu.tar.gz
14cbd7713550c5922ee28e0915b0425dc702bb299ad6809ff60e389604f4da3a31  guix-build-913b1f2a5eb2/output/powerpc64le-linux-gnu/SHA256SUMS.part
15e50fa6e370602a956942703ab349808c01e7365a00faead941d9e6be3800c65c  guix-build-913b1f2a5eb2/output/powerpc64le-linux-gnu/bitcoin-913b1f2a5eb2-powerpc64le-linux-gnu-debug.tar.gz
162380fbdf6916769783a0e6c7848fb8d3b3cb5c44c26817009a8481e815098e3a  guix-build-913b1f2a5eb2/output/powerpc64le-linux-gnu/bitcoin-913b1f2a5eb2-powerpc64le-linux-gnu.tar.gz
17a0fecb7b0d0a93aa15825572a0e1284f4776a5808f9f5eda7b2ddddaf2457fb2  guix-build-913b1f2a5eb2/output/riscv64-linux-gnu/SHA256SUMS.part
1814fe505f06de009b50c2b4ce0e0430ba09fa66385ff50aa90f9ed0b03a321e61  guix-build-913b1f2a5eb2/output/riscv64-linux-gnu/bitcoin-913b1f2a5eb2-riscv64-linux-gnu-debug.tar.gz
1998a70df9a6851d5221d8f8404f9656048ecf7cac2c9dffd2b6a55107783a60ad  guix-build-913b1f2a5eb2/output/riscv64-linux-gnu/bitcoin-913b1f2a5eb2-riscv64-linux-gnu.tar.gz
20decb20f8de61e3eeda7e8f6fefcbaf56593c37d989672c6e7e2cd5c8e982c342  guix-build-913b1f2a5eb2/output/x86_64-apple-darwin/SHA256SUMS.part
21e14275e1bbbe54179fb68b50ed7c72de4c7ebc5b442c7793daf9974be523e8da  guix-build-913b1f2a5eb2/output/x86_64-apple-darwin/bitcoin-913b1f2a5eb2-x86_64-apple-darwin-unsigned.dmg
226bb2d9f6c8123156b0e11b73f67f4e4e780e6bccb739e600f4e9b06b29aa3832  guix-build-913b1f2a5eb2/output/x86_64-apple-darwin/bitcoin-913b1f2a5eb2-x86_64-apple-darwin-unsigned.tar.gz
231f0fab16e32e4c9892b272edf43beb8e5de60bf8a04f41744809dc2a31b4f1b9  guix-build-913b1f2a5eb2/output/x86_64-apple-darwin/bitcoin-913b1f2a5eb2-x86_64-apple-darwin.tar.gz
243d7e45c7189a8855ea8a0d498dcd4d3189aa01c528eac194300cdb59f79471f2  guix-build-913b1f2a5eb2/output/x86_64-linux-gnu/SHA256SUMS.part
2587b75a47a620dbd8ccf20768a3d82adf0b797ad86b7384cca62a7cf489b7a74c  guix-build-913b1f2a5eb2/output/x86_64-linux-gnu/bitcoin-913b1f2a5eb2-x86_64-linux-gnu-debug.tar.gz
267e06af11bcef3ba6fd48501a09fbac86746537bad063f36caf39cd6bb857d3a8  guix-build-913b1f2a5eb2/output/x86_64-linux-gnu/bitcoin-913b1f2a5eb2-x86_64-linux-gnu.tar.gz
27c9ca794f7307df6f891008d92997719be95794f4670d018d0275f2a6c580d160  guix-build-913b1f2a5eb2/output/x86_64-w64-mingw32/SHA256SUMS.part
287eb1551cdafc0a44e5b5fcea703c6eeb6fc0bca601b57ab52d1e5e62db3ccffc  guix-build-913b1f2a5eb2/output/x86_64-w64-mingw32/bitcoin-913b1f2a5eb2-win64-debug.zip
298ef87c85c520aef150f4c11a9082e8a0b1ac74c5b6f4fcdceb9e734eb8106bca  guix-build-913b1f2a5eb2/output/x86_64-w64-mingw32/bitcoin-913b1f2a5eb2-win64-setup-unsigned.exe
30c5886ab3d6303bf8c946e4aafcfdfb5ee7dc9fbb50c34dfc5224db2f1f3b2a44  guix-build-913b1f2a5eb2/output/x86_64-w64-mingw32/bitcoin-913b1f2a5eb2-win64-unsigned.tar.gz
31f473902cea9e763b98ad69c5dcfaa990430f9b0f777112af5f1d289492d8cefe  guix-build-913b1f2a5eb2/output/x86_64-w64-mingw32/bitcoin-913b1f2a5eb2-win64.zip

Guix Build (arm64):

 0a175ce0055b206fe7b2752fa5ae33eed0f31236f7b37bbb530425532d88007c2  guix-build-913b1f2a5eb2/output/arm-linux-gnueabihf/SHA256SUMS.part
 11ab5d59685593eedbb59b5284d81cce568a6c9c900303f97c69e8194cb5bb7f5  guix-build-913b1f2a5eb2/output/arm-linux-gnueabihf/bitcoin-913b1f2a5eb2-arm-linux-gnueabihf-debug.tar.gz
 28d1b48d38b8af696b929ac077ba7e3dabb7c565862409b2f35db2217ab9bdb06  guix-build-913b1f2a5eb2/output/arm-linux-gnueabihf/bitcoin-913b1f2a5eb2-arm-linux-gnueabihf.tar.gz
 390230652cb39e2707ac79569899183dc1ff5d08c059e7a01d0c65144251679b5  guix-build-913b1f2a5eb2/output/arm64-apple-darwin/SHA256SUMS.part
 42b86da5e1ccebf348478ca69463d1be09c0f563ffa370ee5170c82ba706a7577  guix-build-913b1f2a5eb2/output/arm64-apple-darwin/bitcoin-913b1f2a5eb2-arm64-apple-darwin-unsigned.dmg
 5648e968dbf3af3bf8a79d714f4395091058e2ff4294b202a0dc9b5e0092b4732  guix-build-913b1f2a5eb2/output/arm64-apple-darwin/bitcoin-913b1f2a5eb2-arm64-apple-darwin-unsigned.tar.gz
 6bebe7ed21e4f74866ca99be31839beff01eac57afbaa2878f5c6637f0239c631  guix-build-913b1f2a5eb2/output/arm64-apple-darwin/bitcoin-913b1f2a5eb2-arm64-apple-darwin.tar.gz
 7f8fbc07221bd21f996dc29c65725740e9c2bfc9365367c806601f12b8e2d2691  guix-build-913b1f2a5eb2/output/dist-archive/bitcoin-913b1f2a5eb2.tar.gz
 887156fe1fb397eaa1d1f15c36f2677b6aeb32eefac02202b2735f7d3165fceb1  guix-build-913b1f2a5eb2/output/powerpc64-linux-gnu/SHA256SUMS.part
 95f06e885564780d7dce78cc8cbb21b8dd5addba8b90bb2b8a7f03e946b6ed633  guix-build-913b1f2a5eb2/output/powerpc64-linux-gnu/bitcoin-913b1f2a5eb2-powerpc64-linux-gnu-debug.tar.gz
1095b9c0a7d82e7055c99d013fa183abf654caf14539c5ec9cfe785838f45747fc  guix-build-913b1f2a5eb2/output/powerpc64-linux-gnu/bitcoin-913b1f2a5eb2-powerpc64-linux-gnu.tar.gz
118da6f0fb2bdc492f96ee70ca323787521e7fce7ebe2b9adb43b7b6ae56ff1916  guix-build-913b1f2a5eb2/output/powerpc64le-linux-gnu/SHA256SUMS.part
12a60623ac5bb76b3eae3129b4f32fe7287e526e043bd2e58f80ce5fccf91ef20c  guix-build-913b1f2a5eb2/output/powerpc64le-linux-gnu/bitcoin-913b1f2a5eb2-powerpc64le-linux-gnu-debug.tar.gz
13c9bbdca3c41c3783d57734e0fda875a6353bbf8fec8c8e61f037259acaad28cd  guix-build-913b1f2a5eb2/output/powerpc64le-linux-gnu/bitcoin-913b1f2a5eb2-powerpc64le-linux-gnu.tar.gz
145f76aef2eed312153b60712450b4376b4965c2b0c86d2ddfc0b7f3d23fb31eee  guix-build-913b1f2a5eb2/output/riscv64-linux-gnu/SHA256SUMS.part
1540ad7ca605bb75e153a481a455b344f27d9c0b713f1312fc2a7703116508a127  guix-build-913b1f2a5eb2/output/riscv64-linux-gnu/bitcoin-913b1f2a5eb2-riscv64-linux-gnu-debug.tar.gz
166031d28d6405f03b685884fdee6c2cc2126afffdc867ab743ca0c9cfcad81ac2  guix-build-913b1f2a5eb2/output/riscv64-linux-gnu/bitcoin-913b1f2a5eb2-riscv64-linux-gnu.tar.gz
17decb20f8de61e3eeda7e8f6fefcbaf56593c37d989672c6e7e2cd5c8e982c342  guix-build-913b1f2a5eb2/output/x86_64-apple-darwin/SHA256SUMS.part
18e14275e1bbbe54179fb68b50ed7c72de4c7ebc5b442c7793daf9974be523e8da  guix-build-913b1f2a5eb2/output/x86_64-apple-darwin/bitcoin-913b1f2a5eb2-x86_64-apple-darwin-unsigned.dmg
196bb2d9f6c8123156b0e11b73f67f4e4e780e6bccb739e600f4e9b06b29aa3832  guix-build-913b1f2a5eb2/output/x86_64-apple-darwin/bitcoin-913b1f2a5eb2-x86_64-apple-darwin-unsigned.tar.gz
201f0fab16e32e4c9892b272edf43beb8e5de60bf8a04f41744809dc2a31b4f1b9  guix-build-913b1f2a5eb2/output/x86_64-apple-darwin/bitcoin-913b1f2a5eb2-x86_64-apple-darwin.tar.gz
21b90d8c7252fd42809ac9bf8c7e5cf9c9207f7412314e9e6904ee2e51222bc8c5  guix-build-913b1f2a5eb2/output/x86_64-linux-gnu/SHA256SUMS.part
22b6cbcd305a9b6b8dcc6be71703745835c9e3e7652a3f3b18e7018f5ddb0fc26d  guix-build-913b1f2a5eb2/output/x86_64-linux-gnu/bitcoin-913b1f2a5eb2-x86_64-linux-gnu-debug.tar.gz
236da0cf8fedd9c285926c132102d1e8f9d6fde7e0ecdac3ba159a3464fc2e98c0  guix-build-913b1f2a5eb2/output/x86_64-linux-gnu/bitcoin-913b1f2a5eb2-x86_64-linux-gnu.tar.gz
2430d2b25cdfce03edc2bfb8d39dcdcc6636ed3637cc0176f43f715dc795ab929e  guix-build-913b1f2a5eb2/output/x86_64-w64-mingw32/SHA256SUMS.part
256028017fabcddac50857667d63da979b04a6dc331a26715f875e2db96b8935d7  guix-build-913b1f2a5eb2/output/x86_64-w64-mingw32/bitcoin-913b1f2a5eb2-win64-debug.zip
268ef87c85c520aef150f4c11a9082e8a0b1ac74c5b6f4fcdceb9e734eb8106bca  guix-build-913b1f2a5eb2/output/x86_64-w64-mingw32/bitcoin-913b1f2a5eb2-win64-setup-unsigned.exe
27c5886ab3d6303bf8c946e4aafcfdfb5ee7dc9fbb50c34dfc5224db2f1f3b2a44  guix-build-913b1f2a5eb2/output/x86_64-w64-mingw32/bitcoin-913b1f2a5eb2-win64-unsigned.tar.gz
284af0477e156b9a0c6fa1754ba7446b8c6c021075531aa4051980e47fa586e196  guix-build-913b1f2a5eb2/output/x86_64-w64-mingw32/bitcoin-913b1f2a5eb2-win64.zip

Symbol exporting as of this PR (bitcoind.exe):

0Export Table:
1 DLL name: bitcoind.exe
2 Ordinal base: 1
3 Ordinal      RVA  Name
4       1 0xa09670  main

Symbol exporting in the 23.0 bins (bitcoind.exe):

 0Export Table:
 1 DLL name: bitcoind.exe
 2 Ordinal base: 1
 3 Ordinal      RVA  Name
 4       1 0x5569f0  secp256k1_context_clone
 5       2 0x556890  secp256k1_context_create
 6       3 0x556bd0  secp256k1_context_destroy
 7       4 0xa12710  secp256k1_context_no_precomp
 8       5 0x556900  secp256k1_context_preallocated_clone
 9       6 0x556740  secp256k1_context_preallocated_clone_size
10       7 0x556750  secp256k1_context_preallocated_create
11       8 0x556ae0  secp256k1_context_preallocated_destroy
12       9 0x556710  secp256k1_context_preallocated_size
13      10 0x5589c0  secp256k1_context_randomize
14      11 0x556c80  secp256k1_context_set_error_callback
15      12 0x556c20  secp256k1_context_set_illegal_callback
16      13 0x558260  secp256k1_ec_privkey_negate
17      14 0x5584e0  secp256k1_ec_privkey_tweak_add
18      15 0x558730  secp256k1_ec_privkey_tweak_mul
19      16 0x5572a0  secp256k1_ec_pubkey_cmp
20      17 0x5589f0  secp256k1_ec_pubkey_combine
21      18 0x557f40  secp256k1_ec_pubkey_create
22      19 0x558270  secp256k1_ec_pubkey_negate
23      20 0x556dc0  secp256k1_ec_pubkey_parse
24      21 0x5570d0  secp256k1_ec_pubkey_serialize
25      22 0x5584f0  secp256k1_ec_pubkey_tweak_add
26      23 0x558740  secp256k1_ec_pubkey_tweak_mul
27      24 0x558100  secp256k1_ec_seckey_negate
28      25 0x5583a0  secp256k1_ec_seckey_tweak_add
29      26 0x5585f0  secp256k1_ec_seckey_tweak_mul
30      27 0x557ed0  secp256k1_ec_seckey_verify
31      28 0x559120  secp256k1_ecdsa_recover
32      29 0x558f50  secp256k1_ecdsa_recoverable_signature_convert
33      30 0x558d00  secp256k1_ecdsa_recoverable_signature_parse_compact
34      31 0x558e70  secp256k1_ecdsa_recoverable_signature_serialize_compact
35      32 0x557da0  secp256k1_ecdsa_sign
36      33 0x558fe0  secp256k1_ecdsa_sign_recoverable
37      34 0x557ab0  secp256k1_ecdsa_signature_normalize
38      35 0x557540  secp256k1_ecdsa_signature_parse_compact
39      36 0x5573b0  secp256k1_ecdsa_signature_parse_der
40      37 0x557a10  secp256k1_ecdsa_signature_serialize_compact
41      38 0x557660  secp256k1_ecdsa_signature_serialize_der
42      39 0x557bf0  secp256k1_ecdsa_verify
43      40 0x5598a0  secp256k1_keypair_create
44      41 0x559af0  secp256k1_keypair_pub
45      42 0x559a60  secp256k1_keypair_sec
46      43 0x559bc0  secp256k1_keypair_xonly_pub
47      44 0x559d20  secp256k1_keypair_xonly_tweak_add
48      45 0xa9e0c0  secp256k1_nonce_function_bip340
49      46 0xa9e0e0  secp256k1_nonce_function_default
50      47 0xa9e0e8  secp256k1_nonce_function_rfc6979
51      48 0x559f00  secp256k1_schnorrsig_sign
52      49 0x559f30  secp256k1_schnorrsig_sign_custom
53      50 0x559fd0  secp256k1_schnorrsig_verify
54      51 0x556ce0  secp256k1_scratch_space_create
55      52 0x556d50  secp256k1_scratch_space_destroy
56      53 0x558c20  secp256k1_tagged_sha256
57      54 0x559470  secp256k1_xonly_pubkey_cmp
58      55 0x559530  secp256k1_xonly_pubkey_from_pubkey
59      56 0x559290  secp256k1_xonly_pubkey_parse
60      57 0x5593a0  secp256k1_xonly_pubkey_serialize
61      58 0x559650  secp256k1_xonly_pubkey_tweak_add
62      59 0x559780  secp256k1_xonly_pubkey_tweak_add_check

fanquake added the label Windows on May 30, 2022

fanquake added the label Upstream on May 30, 2022

fanquake added the label DrahtBot Guix build requested on May 30, 2022

hebasto commented at 7:25 pm on May 30, 2022: member

Maybe the oldest binutils used for cross-compiling do not require any ASLR workarounds?

fanquake commented at 7:30 pm on May 30, 2022: member

Maybe the oldest binutils used for cross-compiling #23360 (comment) any ASLR workarounds?

I’ve outlined in the commits which versions of binutils are affected by the bug, and that includes, for example, the version shipped with Ubuntu Focal, which is almost certainly still used to cross-compile WIndows binaries. The comment you’ve linked too, says to update the doc to mention that version that includes the fix, which has been done here.

hebasto commented at 7:32 pm on May 30, 2022: member

Concept ACK.

in src/bitcoin-tx.cpp:857 in 66514bb41b outdated

853@@ -854,7 +854,16 @@ static int CommandLineRawTx(int argc, char* argv[])
854     return nRet;
855 }
856 
857+#ifdef WIN32

laanwj commented at 7:10 am on May 31, 2022:

Would it make sense to define a macro for this in, say, the compat header, instead of repeating this for every file with a main function?

theuni commented at 1:39 pm on May 31, 2022:

FWIW, I believe __attribute__ ((visibility ("default"))) would have the same effect, in case it helps to use that machinery instead in a macro.

fanquake commented at 2:48 pm on June 11, 2022:

Changed to using a macro.

fanquake commented at 2:48 pm on June 11, 2022:

Changed to using a macro.

laanwj commented at 7:11 am on May 31, 2022: member

Concept ACK

This is more elegant. Exporting only the entry point makes much more sense than exporting secp256k1 symbols. Although it can’t hurt (no one dynloads a binary, i’d hope!), it could be a risk for shared libraries where the symbols could interfere.

Edit:

Although it can’t hurt (no one dynloads a binary, i’d hope!)

Wait, I’m wrong here. It could hurt, if we dynamically link against libraries that (directly or indirectly) use another version of secp256k1. I remember we had a problem like this with OpenSSL a long time ago where our statically linked version of OpenSSL conflicted with the one Qt was using. It’s quite an edge case though :smile: But it’s always better to err on the safe side, I mean.

fanquake commented at 7:47 am on May 31, 2022: member

cc also @real-or-random @jonasnick

theuni commented at 1:40 pm on May 31, 2022: member

ACK with or without the suggestion here.

theuni commented at 1:43 pm on May 31, 2022: member

Wait, I’m wrong here. It could hurt, if we dynamically link against libraries that (directly or indirectly) use another version of secp256k1. I remember we had a problem like this with OpenSSL a long time ago where our statically linked version of OpenSSL conflicted with the one Qt was using. It’s quite an edge case though 😄 But it’s always better to err on the safe side, I mean.

Thanks so much for this reminder, I had forgotten about this edge case! Very helpful to keep in mind.

DrahtBot commented at 12:44 pm on June 2, 2022: member

Guix builds

File	commit 5f65afff9c4c735d607a69fc3d18b4ecadbf3ba9(master)	commit f37b9af9646c15277257c5ac089bf648661f8bb6(master and this pull)
SHA256SUMS.part	`48da0fae4f3c828d...`	`70479e95e6f3b20e...`
*-aarch64-linux-gnu-debug.tar.gz	`c05d18eb70d358f2...`	`08939403fb4691a1...`
*-aarch64-linux-gnu.tar.gz	`0194c2ddbba2e739...`	`3ebff07596d4c6d7...`
*-arm-linux-gnueabihf-debug.tar.gz	`849bd24df6cf4bc1...`	`74b23e24601531df...`
*-arm-linux-gnueabihf.tar.gz	`c4e68fae5594ba3a...`	`cbe3285b4d34aae4...`
*-arm64-apple-darwin-unsigned.dmg	`c9a2bc0f65b20bae...`	`7d4937ae4fe1417d...`
*-arm64-apple-darwin-unsigned.tar.gz	`a8fedf69253c2295...`	`77c7f2934488ca28...`
*-arm64-apple-darwin.tar.gz	`f948368bf3f9a49d...`	`7af293a446285c41...`
*-powerpc64-linux-gnu-debug.tar.gz	`fbc766009041f2c6...`	`b905fef776ccb0f8...`
*-powerpc64-linux-gnu.tar.gz	`1d2b389ecae24861...`	`a6a4ca404a3001fc...`
*-powerpc64le-linux-gnu-debug.tar.gz	`e78a4d47f8dbffec...`	`6b1eb2e875de34d5...`
*-powerpc64le-linux-gnu.tar.gz	`5ab6c4a6f99988e7...`	`0744d171fd5a6224...`
*-riscv64-linux-gnu-debug.tar.gz	`68e49fd2dfdbe98b...`	`9c19f76c2d7a3fb8...`
*-riscv64-linux-gnu.tar.gz	`173139662bd4331e...`	`0755081d8bb62909...`
*-win64-debug.zip	`270501950de1c55e...`	`9a1e6da8c0fb1623...`
*-win64-setup-unsigned.exe	`21839223fa33e86f...`	`32cda3faeaf4d2f6...`
*-win64-unsigned.tar.gz	`aeeabbb72b47c843...`	`385f6009a3e3b35c...`
*-win64.zip	`6c8ac0a41980c34a...`	`a1cbbefddabf8a84...`
*-x86_64-apple-darwin-unsigned.dmg	`890caf48cb5f2710...`	`78b52e782cf5d4cc...`
*-x86_64-apple-darwin-unsigned.tar.gz	`df51da5073165fb0...`	`371a02ebc90425b2...`
*-x86_64-apple-darwin.tar.gz	`3c9b643d7f4a6ac5...`	`b843c49fffde7ed0...`
*-x86_64-linux-gnu-debug.tar.gz	`e9f5d54fa3f1941b...`	`3b50b3fdf46dcf19...`
*-x86_64-linux-gnu.tar.gz	`543dce95f9a0b243...`	`91e165b95a998da2...`
*.tar.gz	`a2f9f253d3373fda...`	`0bea692881f30f14...`
guix_build.log	`b2bbb782674ee4ee...`	`563fb647a42c0175...`
guix_build.log.diff		`08ef072b38bb0ad3...`

DrahtBot removed the label DrahtBot Guix build requested on Jun 2, 2022

in src/bitcoin-cli.cpp:1216 in 66514bb41b outdated

1215@@ -1216,8 +1216,8 @@ static int CommandLineRPC(int argc, char *argv[])
1216 // Export main() and ensure working ASLR on Windows.

real-or-random commented at 12:33 pm on June 6, 2022:

nit: It would be more precise to say mingw-w64 (or whatever is the exact target that has the bug) instead of just “Windows”.

edit: Okay, I see now that the commit message of 315a4d36f716341a38bc4e4de8630b3246d27dbc explains this in detail already. Might still be good to say mingw-w64.

fanquake commented at 2:48 pm on June 11, 2022:

Chnages this to mention mingw-w64 instead.

fanquake commented at 2:48 pm on June 11, 2022:

Chnages this to mention mingw-w64 instead.

laanwj added the label Waiting for author on Jun 8, 2022

compat: Consolidate mingw-w64 ASLR workaround for upstream libsecp changes

Achieve this by adding a MAIN_FUNCTION macro, consolidating the docs, and
introducing the macro across our distributed binaries.

Also update the docs to explain that anyone using binutils < 2.36 is
effected by this issue. Release builds are not, because they use binutils
2.37. Currently LTS Linux distros, like Ubuntu Focal, ship with 2.34.

https://packages.ubuntu.com/focal/binutils

fbae8c59a2

Squashed 'src/secp256k1/' changes from 8746600ee..44c2452fd

44c2452fd Merge bitcoin-core/secp256k1#1105: Don't export symbols in static libraries
6f6cab998 abi: Don't export symbols in static Windows libraries
485f608fa Merge bitcoin-core/secp256k1#1104: Fix the false positive of `SECP_64BIT_ASM_CHECK`
8b013fce5 Merge bitcoin-core/secp256k1#1056: Save negations in var-time group addition
7efc9835a Fix the false positive of `SECP_64BIT_ASM_CHECK`
2f984ffc4 Save negations in var-time group addition

git-subtree-dir: src/secp256k1
git-subtree-split: 44c2452fd387f7ca604ab42d73746e7d3a44d8a2

c41bfd1070

Update secp256k1 subtree to latest upstream master 913b1f2a5e

fanquake force-pushed on Jun 11, 2022

fanquake removed the label Waiting for author on Jun 11, 2022

fanquake commented at 2:58 pm on June 11, 2022: member

Changed the approach to using a MAIN_FUNCTION macro in compat. Added x86_64 and arm64 Guix builds to the op.

in src/bitcoin-tx.cpp:858 in 913b1f2a5e

854@@ -854,7 +855,7 @@ static int CommandLineRawTx(int argc, char* argv[])
855     return nRet;
856 }
857 
858-int main(int argc, char* argv[])
859+MAIN_FUNCTION

real-or-random commented at 3:22 pm on June 11, 2022:

I like this macro approach more but would it make sense to have the macro cover only contain __declspec(dllexport) and the empty string?

Hiding the function arguments obscures the code somewhat (though in that case, most people can probably infer int argc, char* argv[]).

laanwj commented at 7:11 am on June 13, 2022:

There’s something to be said for doing it that way, on the other hand, I suggested this because it makes it clear that it’s to be used for the main() function. We could ostensibly even add a linter that detects “bare” definitions of main and rejects them.

We will at some point need finer control over exporting than this, for the shared libraries, but it’s out of scope for this PR.

theuni commented at 6:57 pm on June 13, 2022:

clang-tidy linter pushed here: https://github.com/theuni/bitcoin-tidy/commit/b2c8d38b58ff6f7055fc73c4cb3cfabac20c898d

This was a helpful exercise. The win32-specificness of this means that you have to run clang-tidy in Windows mode (--target=x86_64-w64-mingw32), which is really inconvenient for what should be a pretty general-purpose tool.

It occurs to me that this makes for a good distinction for what would be a good clang plugin vs a clang-tidy plugin. In this case, I think we’d prefer to check for this as a side-effect of compilation (clang-plugin) instead since that machinery is already arch-specific.

theuni commented at 7:00 pm on June 13, 2022:

No opinion on the scope of the macro, both arguments make sense to me. It has no effect on detection by clang/clang-tidy.

real-or-random commented at 3:22 pm on June 11, 2022: member

ACK mod nit

laanwj commented at 7:09 am on June 13, 2022: member

Code review ACK 913b1f2a5eb2ee5cd02113791764b23ded4c1c94

fanquake requested review from theuni on Jun 13, 2022

theuni approved

theuni commented at 7:04 pm on June 13, 2022: member

ACK 913b1f2a5eb2ee5cd02113791764b23ded4c1c94

MarcoFalke merged this on Jun 13, 2022

MarcoFalke closed this on Jun 13, 2022

fanquake deleted the branch on Jun 13, 2022

sidhujag referenced this in commit 3704ef4fcf on Jun 15, 2022

DrahtBot locked this on Jun 13, 2023

Consolidate Windows ASLR workarounds for upstream secp256k1 changes #25251

Guix builds